CVE-2026-13523
Last modified
CVE-2026-13523 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. EPSS estimates a 0.11% chance of exploitation in the next 30 days.
Description
A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. This patch is called 297f2d8d1f493d8b241330533cd47f7da758aeb3. A patch should be applied to remediate this issue. The vendor confirms: "We added a check on inflate output size, if it surpasses 32 times the input size we stop in error. This value could be adjusted later."
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| — | GPAC | 26.02 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13523?
How severe is CVE-2026-13523?
How do I fix CVE-2026-13523?
Related CVEs from 2026
- CVE-2026-13518A vulnerability has been found in Tenda JD12L 16.03.53.23. T…8.8
- CVE-2026-13519A vulnerability was found in Tenda JD12L 16.03.53.23. This i…8.8
- CVE-2026-1352IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for…6.5
- CVE-2026-13520A vulnerability was determined in itsourcecode Hospital Mana…6.3
- CVE-2026-13521A vulnerability was identified in SourceCodester Class and E…7.3
- CVE-2026-13522A security flaw has been discovered in Investintech SlimPDFR…4.3
- CVE-2026-13524A security vulnerability has been detected in CherryHQ cherr…5.6
- CVE-2026-13525A vulnerability was detected in CodeAstro Human Resource Man…6.3
- CVE-2026-13526A flaw has been found in SourceCodester Class and Exam Timet…7.3
- CVE-2026-13527A vulnerability has been found in SourceCodester Class and E…7.3
- CVE-2026-13528A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-…7.3
- CVE-2026-13529A vulnerability was determined in YzmCMS up to 7.5. This aff…5.6
Are you affected by CVE-2026-13523?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
