إرسال #850854: GPAC GPAC 26.03-DEV-rev342-g80071f700-master Divide By Zeroالمعلومات

عنوانGPAC GPAC 26.03-DEV-rev342-g80071f700-master Divide By Zero
الوصفA divide-by-zero denial-of-service vulnerability exists in GPAC 26.03-DEV-rev342-g80071f700-master when processing TeXML subtitle files. The issue is located in src/filters/load_text.c. GPAC parses the TeXML root attribute timeScale using atoi() and assigns it to ctx->txml_timescale without validating that the value is non-zero. Later, during duration probing, GPAC uses ctx->txml_timescale as a divisor. If an attacker supplies a crafted TeXML file with timeScale="0", GPAC triggers a division-by-zero error and terminates. The vulnerable code path is in txtin_texml_setup(), where timeScale is assigned without validation, and in txtin_probe_duration(), where ctx->txml_timescale is used as a divisor. This allows an attacker to craft a malicious TeXML subtitle file that reliably crashes the gpac process when the file is imported or processed. The demonstrated impact is denial of service. Exploitation requires no authentication; an attacker only needs to provide a crafted TeXML file and convince a user or automated workflow to process it with GPAC. The issue was reproduced reliably using the same PoC and command.
المصدر⚠️ https://github.com/gpac/gpac/issues/3610
المستخدم
 Fantasy_2026 (UID 98691)
ارسال07/06/2026 08:16 AM (29 أيام منذ)
الاعتدال05/07/2026 09:08 PM (29 days later)
الحالةتمت الموافقة
إدخال VulDB376395 [GPAC 26.03-DEV-rev342-g80071f700-master TeXML File src/filters/load_text.c txtin_probe_duration txml_timescale الحرمان من الخدمة]
النقاط20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!