CVE-2026-4185
GPAC MP4Box swf_parse.c swf_def_bits_jpeg stack-based overflow
Description
A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The patch is identified as 8961c74f87ae3fe2d3352e622f7730ca96d50cf1. A patch should be applied to remediate this issue.
INFO
Published Date :
March 15, 2026, 6:32 p.m.
Last Modified :
March 15, 2026, 6:32 p.m.
Remotely Exploit :
No
Source :
VulDB
Affected Products
The following products are affected by CVE-2026-4185
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Apply the patch identified by 8961c74f87ae3fe2d3352e622f7730ca96d50cf1.
- Update GPAC to a version that includes the patch.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-4185 vulnerability anywhere in the article.