GPAC is a multimedia framework for rich media and is distributed under the LGPL license. hevc_parse_vps_extension function in MP4Box in GPAC version 1.0.1 is vulnerable to a stack buffer overflow. An attacker could exploit the vulnerability via specially crafted files to cause a denial of service or execute arbitrary code.