CVE-2026-8124

Source
https://cve.org/CVERecord?id=CVE-2026-8124
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8124.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8124
Downstream
Published
2026-05-08T01:15:10.347Z
Modified
2026-07-15T17:43:43.870564Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
GPAC box_code_base.c sidx_box_read allocation of resources
Details

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is 442e2299530138d8f874fd885c565ba98a6318ba. It is suggested to install a patch to address this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8124.json",
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "26.02.0"
        }
    ]
}

Affected versions

26.*
26.02
Other
abi-12
abi-13
abi-14
abi-15
abi-16
abi-12.*
abi-12.16
abi-12.17
abi-12.18
abi-12.19
abi-12.20
abi-12.21
abi-12.22
abi-12.23
abi-12.24
abi-12.25
abi-12.26
abi-12.27
abi-13.*
abi-13.0
abi-14.*
abi-14.0
abi-15.*
abi-15.0
abi-15.1
abi-15.2
abi-16.*
abi-16.2
abi-16.3
abi-16.4
abi-16.5
abi-16.6
abi-16.7
testtag0.*
testtag0.1
v0.*
v0.5.2
v0.6.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v2.*
v2.0.0
v2.2.0
v26.*
v26.02.0

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/gpac/gpac/commit/442e2299530138d8f874fd885c565ba98a6318ba",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99191716650873037127751483420864790178",
                "59190519347188670210601336933133043384",
                "295811206339753423634388887064646188821",
                "17555061330626622987589199989738733792"
            ]
        },
        "id": "CVE-2026-8124-05e3ff50",
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/box_code_3gpp.c"
        }
    },
    {
        "source": "https://github.com/gpac/gpac/commit/442e2299530138d8f874fd885c565ba98a6318ba",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "205069557293387727774894153318768847083",
                "111531810840798752810605312726971714499",
                "162863733306238089440985302471493867035"
            ]
        },
        "id": "CVE-2026-8124-1ef6f9c9",
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/box_code_base.c"
        }
    },
    {
        "source": "https://github.com/gpac/gpac/commit/442e2299530138d8f874fd885c565ba98a6318ba",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "315955664192322028799951727797615101035",
            "length": 1164.0
        },
        "id": "CVE-2026-8124-917b5dbb",
        "signature_type": "Function",
        "target": {
            "function": "sidx_box_read",
            "file": "src/isomedia/box_code_base.c"
        }
    },
    {
        "source": "https://github.com/gpac/gpac/commit/442e2299530138d8f874fd885c565ba98a6318ba",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "100662774407517633538258849516698147637",
            "length": 2674.0
        },
        "id": "CVE-2026-8124-c12a8ef8",
        "signature_type": "Function",
        "target": {
            "function": "text_box_read",
            "file": "src/isomedia/box_code_3gpp.c"
        }
    }
]
vanir_signatures_modified
"2026-07-15T17:43:43Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8124.json"