PT-2026-24938 · Debian+2 · Gpac

Breakingbad

Published

2026-01-01

Updated

2026-03-13

CVE-2026-4016

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions GPAC version 26.03-DEV

Description A security issue has been identified in GPAC 26.03-DEV. The svgin process function within the SVG Parser component, located in the file src/filters/load svg.c, is susceptible to an out-of-bounds write condition. Local access is required for exploitation. The exploit for this issue has been publicly disclosed. The patch identifier is 7618d7206cdeb3c28961dc97ab0ecabaff0c8af2.

Recommendations Install the patch with identifier 7618d7206cdeb3c28961dc97ab0ecabaff0c8af2 to address this issue.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

CVE-2026-4016

Affected Products

Gpac

PT-2026-24938 · Debian+2 · Gpac

CVE-2026-4016

Weakness Enumeration

Related Identifiers

Affected Products

References · 19