PT-2026-37061 · Debian+1 · Gpac
Junius-Sec · Published 2026-05-05 · Updated 2026-05-05 · CVE-2026-39103
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
GPAC versions prior to commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702
Description
A buffer overflow allows an attacker to cause a denial of service. This issue occurs within the src/scenegraph/svg_attributes.c file, specifically involving the svg_parse_strings() and gf_svg_parse_attribute() functions.
Recommendations
Update to the version containing commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702.
As a temporary workaround, restrict the use of the svg_parse_strings() and gf_svg_parse_attribute() functions.
Exploit
Fix
Heap Based Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Gpac