Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
GPAC TeXML File Parser Allows Local Attackers to Crash the Program
CVE-2026-4015
Summary
A bug in GPAC's TeXML File Parser could allow an attacker on the same computer to crash the program. This is a local issue, so it doesn't pose a risk to users who access GPAC over the internet. To fix this, update GPAC to the latest version, which includes a patch to prevent the bug.
Original title
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can l...
Original description
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.
nvd CVSS2.0
4.3
nvd CVSS3.1
5.3
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/gpac/gpac/
- https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5
- https://github.com/gpac/gpac/issues/3467
- https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390
- https://github.com/user-attachments/files/25493992/poc_texml_overflow.py
- https://vuldb.com/?ctiid.350537
- https://vuldb.com/?id.350537
- https://vuldb.com/?submit.769797
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026