| عنوان | GPAC 26.03-DEV Buffer Overflow |
|---|
| الوصف | A stack buffer overflow vulnerability exists in GPAC version 26.03-DEV. The issue is located in the function txtin_process_texml() within the file src/filters/load_text.c. The fixed-size stack array GF_StyleRecord styles[50] is accessed via nb_styles index without proper bounds checking. A crafted TeXML file with more than 50 <sharedStyles> blocks causes a stack-based buffer overflow via memset() at line 3844. This vulnerability can lead to Denial of Service (DoS) or potential code execution. The vendor has confirmed and fixed this issue on GitHub. |
|---|
| المصدر | ⚠️ https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390 |
|---|
| المستخدم | breakingbad (UID 96046) |
|---|
| ارسال | 02/03/2026 06:34 AM (2 أشهر منذ) |
|---|
| الاعتدال | 11/03/2026 08:19 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 350537 [GPAC 26.03-DEV TeXML File Parser src/filters/load_text.c txtin_process_texml تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|