CVE-2026-7135

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions GPAC versions prior to 26.03-DEV-rev105-g8f39a1eb3-master

Description A flaw in the MP4Box component allows an out-of-bounds read, which occurs when the elng argument is manipulated within the elng box read() function located in the src/isomedia/box code base.c file. This issue requires local access to be exploited.

Recommendations Upgrade the affected component to a version that includes patch cf6ac48c972eaaee2af270adc3f36615325deb3e.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119

Related Identifiers

CVE-2026-7135

Affected Products

Gpac

CVE-2026-7135

Weakness Enumeration

Related Identifiers

Affected Products

References · 16