CVE-2026-27821

UNKNOWN 0.0

GPAC NHML Demuxer (dmx_nhml.c) Vulnerable to Stack Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd XML attribute is copied from att->value into szXmlHeaderEnd[1000] using strcpy() without any length validation. If the input exceeds 1000 bytes, it overwrites beyond the stack buffer boundary. Commit 9bd7137fded2db40de61a2cf3045812c8741ec52 patches the issue.

CWE	CWE-121
Vendor	gpac
Product	gpac
Published	Feb 26, 2026
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for gpac gpac

Be the first to know when new unknown vulnerabilities affecting gpac gpac are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

gpac / gpac

<= 26.02.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559 github.com: https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52