Medium severity6.3NVD Advisory· Published Mar 16, 2026· Updated Apr 29, 2026

CVE-2026-4185

Description

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The patch is identified as 8961c74f87ae3fe2d3352e622f7730ca96d50cf1. A patch should be applied to remediate this issue.

Affected products

Gpac/Gpacreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/PeterXukt/test_pocs/blob/main/gpac/test.swfnvd
github.com/gpac/gpac/commit/8961c74f87ae3fe2d3352e622f7730ca96d50cf1nvd
github.com/gpac/gpac/issues/3436nvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000