CVE-2026-7135 | GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master MP4Box box_code_base.c elng_box_read elng out-of-bounds (Issue 3516)

A vulnerability has been found in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master and classified as critical. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read.

This vulnerability was named CVE-2026-7135. The attack needs to be approached locally. In addition, an exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More