CVE-2026-27821

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd XML attribute is copied from att->value into szXmlHeaderEnd[1000] using strcpy() without any length validation. If the input exceeds 1000 bytes, it overwrites beyond the stack buffer boundary. Commit 9bd7137fded2db40de61a2cf3045812c8741ec52 patches the issue.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52	Patch
https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559	Exploit Vendor Advisory
https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*

History

11 Mar 2026, 23:23

Type	Values Removed	Values Added
First Time		Gpac Gpac gpac
Summary		(es) GPAC es un framework multimedia de código abierto. En versiones hasta la 26.02.0 inclusive, se produce un desbordamiento de búfer de pila durante el análisis de archivos NHML en `src/filters/dmx_nhml.c`. El valor del atributo XML xmlHeaderEnd se copia de att->value a szXmlHeaderEnd[1000] usando strcpy() sin ninguna validación de longitud. Si la entrada excede los 1000 bytes, sobrescribe más allá del límite del búfer de pila. El commit 9bd7137fded2db40de61a2cf3045812c8741ec52 corrige el problema.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:gpac:gpac::::::::
References	~~() https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52 -~~	() https://github.com/gpac/gpac/commit/9bd7137fded2db40de61a2cf3045812c8741ec52 - Patch
References	~~() https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559 -~~	() https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559 - Exploit, Vendor Advisory

26 Feb 2026, 16:24

Type	Values Removed	Values Added
References	~~() https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559 -~~	() https://github.com/gpac/gpac/security/advisories/GHSA-q7qh-8r2r-q559 -

26 Feb 2026, 00:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-26 00:16

Updated : 2026-03-11 23:23

NVD link : CVE-2026-27821

Mitre link : CVE-2026-27821

CVE.ORG link : CVE-2026-27821

JSON object : View

Products Affected

gpac

gpac

CWE

CWE-121

Stack-based Buffer Overflow

7.8 /10