| Título | GPAC 26.03-DEV Buffer Overflow |
|---|
| Descrição | A heap buffer overflow vulnerability was found in GPAC version 26.03-DEV. The issue affects the function svgin_process() in the file src/filters/load_svg.c. When processing DIMS data, the inner unit size read from the bitstream (line 201) overwrites the outer packet size used for buffer allocation (line 192). This results in an out-of-bounds read at line 210 and an out-of-bounds write at line 212 via a crafted MP4 file. This may allow attackers to cause a Denial of Service or execute arbitrary code. The issue has been acknowledged and fixed by the vendor. |
|---|
| Fonte | ⚠️ https://github.com/gpac/gpac/issues/3468#event-23006542038 |
|---|
| Utilizador | breakingbad (UID 96046) |
|---|
| Submissão | 02/03/2026 06h35 (há 2 meses) |
|---|
| Moderação | 11/03/2026 20h19 (10 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 350538 [GPAC 26.03-DEV SVG Parser src/filters/load_svg.c svgin_process Excesso de tampão] |
|---|
| Pontos | 20 |
|---|