CVE-2026-4015
Received Received - Intake
Stack-Based Buffer Overflow in GPAC TeXML File Parser

Publication date: 2026-03-12

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4015
EUVD
EUVD-2026-11549
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gpac gpac 26.03-dev
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4015 is a stack-based buffer overflow vulnerability in the GPAC multimedia framework version 26.03-DEV. It occurs in the function txtin_process_texml within the file src/filters/load_text.c, specifically in the TeXML File Parser component.

The vulnerability arises because fixed-size stack arrays (such as GF_StyleRecord styles[50] and Marker marks[50]) are accessed without proper bounds checking. When a crafted TeXML file contains more than 50 <sharedStyles> blocks or marker blocks, the counters tracking these blocks (nb_styles and nb_marks) exceed the array limits, causing out-of-bounds writes and a stack buffer overflow.

This overflow can be triggered locally by processing a malicious TeXML file, potentially leading to Denial of Service (DoS) or arbitrary code execution. The issue has been fixed by adding boundary checks to prevent writing beyond the allocated array sizes.

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access to cause a stack-based buffer overflow in the GPAC software when processing a specially crafted TeXML file.

The consequences of exploitation include Denial of Service (crashing the application) or potentially arbitrary code execution, which could compromise the confidentiality, integrity, and availability of the affected system.

Since the exploit is publicly available and relatively straightforward to execute, it poses a moderate security risk if the vulnerable GPAC version is used without applying the patch.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by attempting to reproduce the stack buffer overflow using a specially crafted TeXML file containing more than 50 <sharedStyles> blocks. A proof-of-concept file named poc_texml_overflow.xml can be used to trigger the overflow.

The vulnerability can be tested by running the following command which uses the GPAC tool MP4Box to add the crafted TeXML file:

  • MP4Box -add poc_texml_overflow.xml:ext=texml -new /tmp/test.mp4

If the system is vulnerable, this command triggers a stack buffer overflow, which can be detected by monitoring for crashes or using debugging tools such as AddressSanitizer (ASAN) to observe memory errors.

Mitigation Strategies

The immediate recommended step to mitigate this vulnerability is to apply the official patch identified by commit d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5 available in the GPAC GitHub repository.

This patch adds boundary checks to the arrays used in the vulnerable function to prevent buffer overflow by ensuring the counters for style and marker blocks do not exceed their fixed sizes.

Until the patch is applied, avoid processing untrusted or specially crafted TeXML files that contain more than 50 <sharedStyles> or marker blocks, as these can trigger the overflow.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4015. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart