CVE-2026-4016

MEDIUM 5.3

GPAC SVG Parser load_svg.c svgin_process out-of-bounds write

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 7618d7206cdeb3c28961dc97ab0ecabaff0c8af2. It is suggested to install a patch to address this issue.

CWE	CWE-787 CWE-119
Vendor	n/a
Product	gpac
Published	Mar 12, 2026
Last Updated	Mar 12, 2026

Stay Ahead of the Next One

Get instant alerts for n/a gpac

Be the first to know when new medium vulnerabilities affecting n/a gpac are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / GPAC

26.03-DEV

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.350538 vuldb.com: https://vuldb.com/?ctiid.350538 vuldb.com: https://vuldb.com/?submit.769798 github.com: https://github.com/gpac/gpac/issues/3468 github.com: https://github.com/user-attachments/files/25494042/poc_dims_oob.py github.com: https://github.com/gpac/gpac/commit/7618d7206cdeb3c28961dc97ab0ecabaff0c8af2 github.com: https://github.com/gpac/gpac/

Credits

🔍 breakingbad (VulDB User)