Impact
The vulnerability resides in the GPAC TeXML File Handler’s txtin_probe_duration function. An attacker controlling the txml_timescale argument can cause a divide by zero error, leading to a crash of the GPAC process. The resulting denial of service disrupts local functionality of the application that processes TeXML files. The weakness is a classic divide‑by‑zero flaw (CWE‑369) and also highlights a lack of proper error handling (CWE‑404).
Affected Systems
The affected software is GPAC, specifically version 26.03‑DEV‑rev342‑g80071f700-master. No additional vendors or product lines are listed. The issue is confined to the load_text.c component that handles TeXML files. Systems running this GPAC build for processing TeXML content are impacted.
Risk and Exploitability
The CVSS score of 4.8 indicates moderate severity. The EPSS score is below 1 %, implying that exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local, meaning that an attacker must have access to the host to supply a malicious TeXML file. The exploit would simply trigger a crash, causing a denial of service for the user or service performing the load. No active exploits are documented, and the low EPSS suggests current risk is limited, but the vulnerability could be leveraged by privileged users or automation scripts that manipulate TeXML content.
OpenCVE Enrichment