CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

Linux Distros Unpatched Vulnerability : CVE-2026-33144

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The...

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

EUVD-2026-13782

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

CVE-2026-33144 GPAC MP4Box Heap Buffer Overflow Write in gf_xml_parse_bit_sequence_bs (NHML BS Parsing)

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

CVE-2026-33144 GPAC MP4Box Heap Buffer Overflow Write in gf_xml_parse_bit_sequence_bs (NHML BS Parsing)

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

GPAC MP4Box 安全漏洞

GPAC MP4Box is a multimedia packager. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Previous versions of GPAC MP4Box, including version 86b0e36, had a security...

CVE-2026-4185

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

Linux Distros Unpatched Vulnerability : CVE-2026-4185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file...

CVE-2026-4185

GPAC MP4Box swf_parse.c swf_def_bits_jpeg stack-based overflow in src/scene_manager/swf_parse.c (function swf_def_bits_jpeg) affects GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. Manipulation of szName leads to a stack-based buffer overflow; remote exploit possible. Patch identified as 8961c74f87...

CVE-2026-4185

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

CVE-2026-4185 GPAC MP4Box swf_parse.c swf_def_bits_jpeg stack-based overflow

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

PT-2026-25559

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf def bits jpeg of the file src/scene manager/swf parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to...

CVE-2021-41458

In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability...

CVE-2021-41456

There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmxnhml.c:1004 in the nhmldmxsendsample function szXmlTo parameter which leads to a denial of service vulnerability...

CVE-2021-33361

Memory leak in the afraboxread function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file...

CVE-2021-33365

Memory leak in the gfisomgetrootod function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file...

CVE-2021-33362

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVE-2021-33366

Memory leak in the gfisomoinfreadentry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file...

CVE-2021-31262

The AV1DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service NULL pointer dereference via a crafted file in the MP4Box command...