CVE-2026-4015 - Vulnerability Details

- GPAC TeXML File load_text.c txtin_process_texml stack-based overflow

Description

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.

Published: 2026-03-12

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the txtin_process_texml function of the TeXML File Parser component within GPAC. A specially crafted TeXML file can cause the function to write beyond the bounds of a local stack buffer, resulting in a stack-based buffer overflow. This flaw is identified as CWE‑119 (Buffer Over-read) and CWE‑121 (Stack-based Buffer Overflow) and may lead to a crash or execution of attacker-supplied code if local privileges are obtained.

Affected Systems

GPAC multimedia framework, version 26.03-DEV, the development snapshot referenced in the CVE. The CPE string cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:* indicates that all variants of GPAC with the same unpatched code are affected. No specific release numbers beyond 26.03-DEV are listed, but any build incorporating the unpatched function is vulnerable.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of widespread exploitation, and the vulnerability is not currently listed in the CISA KEV catalog. Attackers can exploit the flaw locally by providing a malicious TeXML file to the GPAC parser; there is no documented network exposure. A public exploit script is available, confirming that local exploitation is feasible and could be leveraged in attacks that rely on GPAC processing of untrusted documents.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

GPAC

affected

Version	Status	Constraints
`26.03-DEV`	affected	—

No data.

Vendor Product Confidence Versions

Gpac

95%

Version	Status	Scheme	Platform
`26.03-DEV`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the official patch corresponding to commit d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5 to the GPAC 26.03-DEV source code.

Generated by OpenCVE AI on March 18, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/gpac/gpac/
https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5
https://github.com/gpac/gpac/issues/3467
https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390
https://github.com/user-attachments/files/25493992/poc_texml_overflow.py
https://vuldb.com/?ctiid.350537
https://vuldb.com/?id.350537
https://vuldb.com/?submit.769797

History

Thu, 12 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Mar 2026 08:45:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.
Title		GPAC TeXML File load_text.c txtin_process_texml stack-based overflow
First Time appeared		Gpac Gpac gpac
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:a:gpac:gpac::::::::
Vendors & Products		Gpac Gpac gpac
References		https://github.com/gpac/gpac/ https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5 https://github.com/gpac/gpac/issues/3467 https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390 https://github.com/user-attachments/files/25493992/poc_texml_overflow.py https://vuldb.com/?ctiid.350537 https://vuldb.com/?id.350537 https://vuldb.com/?submit.769797
Metrics		cvssV2_0 `{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Gpac Gpac

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-12T08:32:09.817Z

Updated: 2026-03-12T13:29:40.996Z

Reserved: 2026-03-11T19:19:37.048Z

Link: CVE-2026-4015

Vulnrichment

Updated: 2026-03-12T13:29:31.157Z

NVD

Status : Deferred

Published: 2026-03-12T09:15:58.430

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-4015

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:57Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object