CVE-2026-4015
GPAC TeXML File load_text.c txtin_process_texml stack-based overflow
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.
| CWE | CWE-121 CWE-119 |
| Vendor | n/a |
| Product | gpac |
| Published | Mar 12, 2026 |
| Last Updated | Mar 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a gpac
Be the first to know when new medium vulnerabilities affecting n/a gpac are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / GPAC
26.03-DEV
References
vuldb.com: https://vuldb.com/?id.350537 vuldb.com: https://vuldb.com/?ctiid.350537 vuldb.com: https://vuldb.com/?submit.769797 github.com: https://github.com/gpac/gpac/issues/3467 github.com: https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390 github.com: https://github.com/user-attachments/files/25493992/poc_texml_overflow.py github.com: https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5 github.com: https://github.com/gpac/gpac/
Credits
๐ breakingbad (VulDB User)