CVE-2026-33144 in GPAC
요약 (영어)
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_custom.c when processing a crafted NHML file containing malicious <BS> (BitSequence) elements. An attacker can exploit this by providing a specially crafted NHML file, causing an out-of-bounds write on the heap. This issue has been via commit 86b0e36.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
책임이 있는
GitHub_M
예약하다
2026. 03. 17.
공개
2026. 03. 20.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 352117 | GPAC MP4Box xml_bin_custom.c gf_xml_parse_bit_sequence_bs 메모리 손상 | 787 | 정의되지 않음 | 공식 수정 | CVE-2026-33144 |