CVE-2026-27821
- Source
- https://cve.org/CVERecord?id=CVE-2026-27821
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27821.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-27821
- Aliases
-
- GHSA-q7qh-8r2r-q559
- Downstream
- Published
- 2026-02-26T00:08:39.924Z
- Modified
- 2026-03-01T01:35:12.729948Z
- Severity
-
- 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- GPAC NHML Demuxer (dmx_nhml.c) Vulnerable to Stack Buffer Overflow
- Details
-
GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in
src/filters/dmx_nhml.c. The value of the xmlHeaderEnd XML attribute is copied from att->value into szXmlHeaderEnd[1000] using strcpy() without any length validation. If the input exceeds 1000 bytes, it overwrites beyond the stack buffer boundary. Commit 9bd7137fded2db40de61a2cf3045812c8741ec52 patches the issue. - Database specific
{ "cwe_ids": [ "CWE-121" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27821.json" }- References
Affected packages
Git / github.com/gpac/gpac
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gpac/gpac
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
abi-12
abi-13
abi-14
abi-15
abi-16
abi-12.*
abi-12.16
abi-12.17
abi-12.18
abi-12.19
abi-12.20
abi-12.21
abi-12.22
abi-12.23
abi-12.24
abi-12.25
abi-12.26
abi-12.27
abi-13.*
abi-13.0
abi-14.*
abi-14.0
abi-15.*
abi-15.0
abi-15.1
abi-15.2
abi-16.*
abi-16.2
abi-16.3
abi-16.4
abi-16.5
testtag0.*
testtag0.1
v0.*
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v1.0.1
v2.*
v2.0.0
v2.2.0
v2.4.0
v26.*
v26.02.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27821.json"
vanir_signatures
[
{
"id": "CVE-2026-27821-5609afac",
"digest": {
"length": 15871.0,
"function_hash": "49639006672541792469419052183598815771"
},
"signature_type": "Function",
"target": {
"file": "src/filters/dmx_nhml.c",
"function": "nhmldmx_config_output"
},
"signature_version": "v1",
"source": "https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52",
"deprecated": false
},
{
"id": "CVE-2026-27821-69111c6f",
"digest": {
"length": 2882.0,
"function_hash": "197643474210489130564824762400441259544"
},
"signature_type": "Function",
"target": {
"file": "src/filters/dmx_nhml.c",
"function": "nhml_sample_from_xml"
},
"signature_version": "v1",
"source": "https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52",
"deprecated": false
},
{
"id": "CVE-2026-27821-87c11e42",
"digest": {
"threshold": 0.9,
"line_hashes": [
"69307874579041098318118039163190680494",
"172355400088332614315165908094767826136",
"110727529533573750273690857930053344879",
"12027001582305540139459998710805689300",
"157090740655188596006606780908918591149",
"126488087720159560942315614403567159271",
"78901649039802600961395851467558574237",
"215370647248848863465071286397049660733",
"283514314039919329812545506809015398641",
"168884986678017434897184513655937902701",
"333990912246060891222156258256422581957",
"139745539557160236720496614955583281234",
"239629221419867221011083902769216077601",
"135771039265629501615784003019631043245",
"19608717842067872360738701024127604310",
"249309176699806287300522437868534820477",
"316368856364931175755666806661135105208",
"37873530508385193178604898616776917663",
"56376223591944943167108597692959924993",
"331645399102952268860465798763362676538",
"38119605885037414825642125614998130688"
]
},
"signature_type": "Line",
"target": {
"file": "src/filters/dmx_nhml.c"
},
"signature_version": "v1",
"source": "https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52",
"deprecated": false
}
]