PT-2026-22061 · Gpac · Gpac
Wooseokdotkim · Published 2026-02-26 · Updated 2026-03-12
CVE-2026-27821
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
GPAC versions up to and including 26.02.0
Description
GPAC is an open-source multimedia framework. A stack buffer overflow occurs during NHML file parsing in src/filters/dmx_nhml.c. The value of the xmlHeaderEnd XML attribute, taken from att->value, is copied into the szXmlHeaderEnd buffer (size 1000 bytes) using the strcpy() function without length validation. If the input exceeds 1000 bytes, the copy writes past the end of the stack buffer.
Recommendations
Update to a version later than 26.02.0.
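The copy described in the Description, with the length check it lacks, as an added example; this is not GPAC's code and not the project's actual fix. Only the buffer name, its 1000-byte size and the attribute name come from the advisory; `demo_xml_attr`, `copy_attr_bounded` and `demo_parse` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define XML_HEADER_END_SIZE 1000  /* buffer size stated in the advisory */

/* Hypothetical stand-in for a parsed XML attribute (not GPAC's real type). */
typedef struct {
    const char *name;
    const char *value;
} demo_xml_attr;

/* Pattern described in the advisory, shown as a comment for comparison:
 *     char szXmlHeaderEnd[1000];
 *     strcpy(szXmlHeaderEnd, att->value);    -- no length validation
 */

/* Bounded copy: 0 on success, -1 if the value does not fit (dst left empty). */
static int copy_attr_bounded(char *dst, size_t dst_size, const demo_xml_attr *att)
{
    size_t len;
    if (!dst || dst_size == 0) return -1;
    dst[0] = '\0';
    if (!att || !att->value) return -1;
    len = strlen(att->value);
    if (len >= dst_size) return -1;      /* the NUL terminator needs a byte too */
    memcpy(dst, att->value, len + 1);
    return 0;
}

/* Builds a constructed xmlHeaderEnd value of value_len bytes and parses it.
 * Returns the stored length, or -1 when the value is rejected. */
static int demo_parse(size_t value_len)
{
    static char value[4096];             /* constructed sample input */
    char szXmlHeaderEnd[XML_HEADER_END_SIZE];
    demo_xml_attr att = { "xmlHeaderEnd", value };
    if (value_len >= sizeof(value)) return -2;
    memset(value, 'A', value_len);
    value[value_len] = '\0';
    if (copy_attr_bounded(szXmlHeaderEnd, sizeof(szXmlHeaderEnd), &att) != 0)
        return -1;                       /* caller should fail the parse here */
    return (int)strlen(szXmlHeaderEnd);
}

int main(void)
{
    printf("999 -> %d\n", demo_parse(999));    /* fits with terminator */
    printf("1000 -> %d\n", demo_parse(1000));  /* rejected: no room for NUL */
    printf("3000 -> %d\n", demo_parse(3000));  /* rejected */
    return 0;
}
```

Rejecting the oversized attribute and failing the parse avoids silently truncating a header marker, which could change how the rest of the file is interpreted.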
Exploit
Fix
Stack Overflow
Affected Products
Gpac