FKIE_CVE-2026-4015

Vulnerability from fkie_nvd - Published: 2026-03-12 09:15 - Updated: 2026-04-29 01:00
Severity
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.
References
cna@vuldb.comhttps://github.com/gpac/gpac/
cna@vuldb.comhttps://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5
cna@vuldb.comhttps://github.com/gpac/gpac/issues/3467
cna@vuldb.comhttps://github.com/gpac/gpac/issues/3467#issuecomment-3945864390
cna@vuldb.comhttps://github.com/user-attachments/files/25493992/poc_texml_overflow.py
cna@vuldb.comhttps://vuldb.com/?ctiid.350537
cna@vuldb.comhttps://vuldb.com/?id.350537
cna@vuldb.comhttps://vuldb.com/?submit.769797
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una debilidad en GPAC 26.03-DEV. Afectada es la funci\u00f3n txtin_process_texml del archivo src/filters/load_text.c del componente TeXML File Parser. La ejecuci\u00f3n de una manipulaci\u00f3n puede conducir a un desbordamiento de b\u00fafer basado en pila. Es posible lanzar el ataque en el host local. El exploit se ha puesto a disposici\u00f3n del p\u00fablico y podr\u00eda usarse para ataques. Este parche se llama d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Se aconseja aplicar un parche para resolver este problema."
    }
  ],
  "id": "CVE-2026-4015",
  "lastModified": "2026-04-29T01:00:01.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.9,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-12T09:15:58.430",
  "references": [
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/gpac/gpac/"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/gpac/gpac/issues/3467"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/user-attachments/files/25493992/poc_texml_overflow.py"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?ctiid.350537"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?id.350537"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.769797"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.