Description

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_custom.c when processing a crafted NHML file containing malicious <BS> (BitSequence) elements. An attacker can exploit this by providing a specially crafted NHML file, causing an out-of-bounds write on the heap. This issue has been via commit 86b0e36.

INFO

Published Date :

2026-03-20T20:07:58.175Z

Last Modified :

2026-03-20T21:22:31.163Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33144 vulnerability.

Vendors Products
Gpac
  • Gpac
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33144.

URL Resource
https://github.com/gpac/gpac/commit/86b0e36ea4c71402fbdaf7e13d73ba8841003e72 cve-icon cve-icon
https://github.com/gpac/gpac/security/advisories/GHSA-3jw5-9pmw-vmfg cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact