CVE-2026-1418
Last modified
CVE-2026-1418 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gpac | Gpac | <= 2.4.0 |
References
- https://github.com/gpac/gpac/issues/3425Exploit, Issue Tracking, Vendor Advisory
- https://github.com/gpac/gpac/issues/3425#issue-3801961068Exploit, Issue Tracking, Vendor Advisory
- https://vuldb.com/?ctiid.342807Permissions Required, VDB Entry
- https://vuldb.com/?id.342807Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.736544Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-1418?
How severe is CVE-2026-1418?
How do I fix CVE-2026-1418?
Are you affected by CVE-2026-1418?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST