CVE-2026-4185 | GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master MP4Box swf_parse.c swf_def_bits_jpeg szName stack-based overflow (Issue 3436)

Inserito da Angelo Barbosa | Mar 14, 2026 | CVE

A vulnerability described as critical has been identified in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow.

This vulnerability is known as CVE-2026-4185. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A patch should be applied to remediate this issue.

CVE-2026-4185 | GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master MP4Box swf_parse.c swf_def_bits_jpeg szName stack-based overflow (Issue 3436)

Post correlati

CVE-2025-68293 | Linux Kernel up to 6.12.60/6.17.10 huge_memory null pointer dereference

CVE-2025-1963 | projectworlds Online Hotel Booking 1.0 /reservation.php checkin sql injection

CVE-2025-14475 | Extensive VC Addons for WPBakery Page Builder Plugin extensive_vc_get_module_template_part file inclusion

CVE-2024-35200 | F5 NGINX Plus/NGINX Open Source HTTP3 QUIC denial of service (K000139612)