CVE-2026-4015

Source
https://cve.org/CVERecord?id=CVE-2026-4015
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4015.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-4015
Downstream
Published
2026-03-12T08:32:09.817Z
Modified
2026-07-08T08:09:29.276107166Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
GPAC TeXML File load_text.c txtin_process_texml stack-based overflow
Details

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4015.json",
    "cwe_ids": [
        "CWE-119",
        "CWE-121"
    ],
    "cna_assigner": "VulDB",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "26.03-DEV"
                },
                {
                    "last_affected": "26.03-DEV"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

Other
abi-12
abi-13
abi-14
abi-15
abi-16
abi-12.*
abi-12.16
abi-12.17
abi-12.18
abi-12.19
abi-12.20
abi-12.21
abi-12.22
abi-12.23
abi-12.24
abi-12.25
abi-12.26
abi-12.27
abi-13.*
abi-13.0
abi-14.*
abi-14.0
abi-15.*
abi-15.0
abi-15.1
abi-15.2
abi-16.*
abi-16.2
abi-16.3
abi-16.4
abi-16.5
testtag0.*
testtag0.1
v0.*
v0.5.2
v0.6.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v2.*
v2.0.0
v2.2.0
v26.*
v26.02.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4015.json"