EUVD-2026-13782Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_custom.c when processing a crafted NHML file containing malicious <BS> (BitSequence) elements. An attacker can exploit this by providing a specially crafted NHML file, causing an out-of-bounds write on the heap. This issue has been via commit 86b0e36.
AnalysisAI
Heap-based buffer overflow in GPAC MP4Box's XML parsing function allows local attackers to corrupt memory and potentially crash the application or achieve code execution by crafting malicious NHML files with specially formatted BitSequence elements. The vulnerability affects systems processing untrusted multimedia files and remains unpatched as of this advisory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | The CVSS v3.1 score of 5.8 with vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H indicates a moderate-severity vulnerability with several mitigating factors. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious NHML file containing oversized or specially formatted BitSequence elements that trigger buffer overflow logic in the gf_xml_parse_bit_sequence_bs function. The attacker either uploads this file to a shared storage location accessible to the target user or convinces them to download and process it using MP4Box (e.g., for multimedia format conversion or validation). … |
| Remediation | Update GPAC to a version that includes commit 86b0e36 or later. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Divide-by-zero in GPAC's MP4Box AVI demuxer crashes the process when handling crafted media files with zero-declared fra
Heap-based buffer overflow in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5) al
NULL pointer dereference in GPAC's MP4Box fragmentation pipeline allows unauthenticated remote attackers to crash the ap
NULL pointer dereference in GPAC's MP4Box crashes the application when importing a crafted MP4 file containing corrupted
Use-after-free memory corruption in GPAC's MP4Box triggers via gf_node_get_tag when parsing a crafted MP4 file containin
Share
External POC / Exploit Code
Leaving vuln.today