CVE-2026-4015

CVE Database · CVE-2026-4015

CVE-2026-4015

· MEDIUMDeferred

CVSS v3.1

5.3

CVSS v4.0

1.9

EPSS

0.13%

Published

Mar 12, 2026

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-119CWE-121

References (8)

https://github.com/gpac/gpac/

https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5

https://github.com/gpac/gpac/issues/3467

https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390

https://github.com/user-attachments/files/25493992/poc_texml_overflow.py

https://vuldb.com/?ctiid.350537

https://vuldb.com/?id.350537

https://vuldb.com/?submit.769797

KEV Catalog EPSS Scores Vendors All CVEs