QwikSec

Security Database

CVE

CWE

Training

CVE-2026-1418

Published: Jan 26, 2026

Modified: Feb 23, 2026

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.

Vendor	Product	Versions
n/a	GPAC	affected `2.0` affected `2.1` affected `2.2` affected `2.3` affected `2.4.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-342807 | GPAC SRT Subtitle Import text_to_bifs.c gf_text_import_srt_bifs out-of-bounds write

vdb-entry

technical-description

VDB-342807 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #736544 | gpac v2.4.0 Out-of-bounds Write

third-party-advisory

https://github.com/gpac/gpac/issues/3425

issue-tracking

https://github.com/gpac/gpac/issues/3425#issue-3801961068

exploit

issue-tracking

https://github.com/enocknt/gpac/commit/10c73b82cf0e367383d091db38566a0e4fe71772

patch

https://github.com/gpac/gpac/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.