UBUNTU-CVE-2026-7135

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-7135

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7135.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-7135

Upstream

CVE-2026-7135

Published

2026-04-27T16:16:00Z

Modified

2026-05-14T14:57:20.329992Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is named cf6ac48c972eaaee2af270adc3f36615325deb3e. The affected component should be upgraded.

References

Affected packages

Ubuntu:Pro:14.04:LTS

gpac

Package

Name: gpac
Purl: pkg:deb/ubuntu/gpac@0.5.0+svn4288~dfsg1-4ubuntu1+esm2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.0+svn4288~dfsg1-1ubuntu1

0.5.0+svn4288~dfsg1-4

0.5.0+svn4288~dfsg1-4ubuntu1

0.5.0+svn4288~dfsg1-4ubuntu1+esm1

0.5.0+svn4288~dfsg1-4ubuntu1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gpac",
            "binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
        },
        {
            "binary_name": "gpac-modules-base",
            "binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
        },
        {
            "binary_name": "libgpac2",
            "binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7135.json"

Ubuntu:Pro:16.04:LTS

gpac

Package

Name: gpac
Purl: pkg:deb/ubuntu/gpac@0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.2-426-gc5ad4e4+dfsg5-1build1

0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1

0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gpac",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "gpac-modules-base",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "libgpac4",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7135.json"

Ubuntu:Pro:18.04:LTS

gpac

Package

Name: gpac
Purl: pkg:deb/ubuntu/gpac@0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.2-426-gc5ad4e4+dfsg5-3

0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1

0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gpac",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "gpac-modules-base",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "libgpac4",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7135.json"

Ubuntu:Pro:20.04:LTS

gpac

Package

Name: gpac
Purl: pkg:deb/ubuntu/gpac@0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.2-426-gc5ad4e4+dfsg5-4ubuntu1

0.5.2-426-gc5ad4e4+dfsg5-5

0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gpac",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
        },
        {
            "binary_name": "gpac-modules-base",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
        },
        {
            "binary_name": "libgpac4",
            "binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7135.json"

Ubuntu:Pro:22.04:LTS

gpac

Package

Name: gpac
Purl: pkg:deb/ubuntu/gpac@2.0.0+dfsg1-2ubuntu0.1~esm2?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.1+dfsg1-4

1.0.1+dfsg1-5

2.*

2.0.0+dfsg1-2

2.0.0+dfsg1-2ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gpac",
            "binary_version": "2.0.0+dfsg1-2ubuntu0.1~esm2"
        },
        {
            "binary_name": "gpac-modules-base",
            "binary_version": "2.0.0+dfsg1-2ubuntu0.1~esm2"
        },
        {
            "binary_name": "libgpac11",
            "binary_version": "2.0.0+dfsg1-2ubuntu0.1~esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7135.json"

Ubuntu:Pro:24.04:LTS

gpac

Package

Name: gpac
Purl: pkg:deb/ubuntu/gpac@2.2.1+dfsg1-3.1ubuntu0.1~esm2?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.1+dfsg1-3

2.2.1+dfsg1-3.1

2.2.1+dfsg1-3.1build1

2.2.1+dfsg1-3.1build2

2.2.1+dfsg1-3.1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gpac",
            "binary_version": "2.2.1+dfsg1-3.1ubuntu0.1~esm2"
        },
        {
            "binary_name": "gpac-modules-base",
            "binary_version": "2.2.1+dfsg1-3.1ubuntu0.1~esm2"
        },
        {
            "binary_name": "libgpac12t64",
            "binary_version": "2.2.1+dfsg1-3.1ubuntu0.1~esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7135.json"