CVE-2026-39103

Severity CVSS v4.0:
Pending analysis
Type:
CWE-122 Heap-based Buffer Overflow
Publication date:
05/05/2026
Last modified:
29/05/2026

Description

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:* 2026-04-01 (excluding)