A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack has to be approached locally. The name of the patch is 86a5191f2e750c767253e27ed6cfd6d547afebc2. A patch should be applied to remediate this issue.
{
"cwe_ids": [
"CWE-369",
"CWE-404"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14801.json",
"cna_assigner": "VulDB",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "26.03-DEV-rev342-g80071f700-master"
},
{
"last_affected": "26.03-DEV-rev342-g80071f700-master"
}
],
"source": "AFFECTED_FIELD"
}
]
}[
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"169973697478446967026635996914428127328",
"173332205699571808735417016862651823060",
"17724232539021276381441696975051315294",
"44333390121552824897024666327613951078",
"110500413904893942800943238091893256112"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-14801-236e39e1",
"target": {
"file": "src/isomedia/isom_read.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "296201616841945489801028654479003026079",
"length": 5780.0
},
"deprecated": false,
"id": "CVE-2026-14801-40f10db2",
"target": {
"function": "txtin_probe_duration",
"file": "src/filters/load_text.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "5647120844940047727203422252987609445",
"length": 2466.0
},
"deprecated": false,
"id": "CVE-2026-14801-47ac8830",
"target": {
"function": "gf_isom_release_segment",
"file": "src/isomedia/isom_read.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"223532963051212601587577333860825809833",
"45912967676261999951776995381918752764",
"161725200790361372484207929744585399766",
"59929039830255714539883633884316791001",
"138383601988162985854973638029292634991"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-14801-482aaca4",
"target": {
"file": "src/laser/lsr_dec.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"298119631557852242737698914490214186837",
"169443265407777735627765755569351226793",
"199228053451509444438044603066833553455",
"29183426652277310059407032539734952111"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-14801-4d853f4a",
"target": {
"file": "src/filters/load_text.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "79134910230643174910273891939981433693",
"length": 941.0
},
"deprecated": false,
"id": "CVE-2026-14801-54c56da6",
"target": {
"function": "gf_bs_new",
"file": "src/utils/bitstream.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "262122537749763954463003878150331713787",
"length": 5475.0
},
"deprecated": false,
"id": "CVE-2026-14801-8cd0ad40",
"target": {
"function": "Media_RewriteODFrame",
"file": "src/isomedia/media_odf.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"1264265530218981439370435873222610598",
"42176422920232517908837425314839137357",
"72150859834834501321142845080322273811",
"142287560769283630698267475123428483836",
"325359230312412899483572351862619492974",
"160121613540282644419792524250574123397",
"285548955309445481272261232965814637619",
"132112458209329754441262975095540256587"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-14801-a015683b",
"target": {
"file": "src/utils/bitstream.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "188556643561276593288810077319830059881",
"length": 2382.0
},
"deprecated": false,
"id": "CVE-2026-14801-a98d49e7",
"target": {
"function": "lsr_read_id",
"file": "src/laser/lsr_dec.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"37597380410459628765299504098197392982",
"314518923907443907061223077223397755849",
"77033215408907174959569731435652259784",
"31803608325141597184600499448648998623"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-14801-d05ab581",
"target": {
"file": "src/isomedia/media_odf.c"
}
},
{
"source": "https://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "99832640345512242908517363110337249287",
"length": 2651.0
},
"deprecated": false,
"id": "CVE-2026-14801-e6dcbb8b",
"target": {
"function": "gf_bs_write_data",
"file": "src/utils/bitstream.c"
}
}
]
"2026-07-15T23:33:38Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14801.json"