CVE-2026-15185 | GPAC 26.03-DEV MP4Box vobsub.c vobsub_read_idx num_langs out-of-bounds (Issue 3611)
A vulnerability was found in GPAC 26.03-DEV. It has been declared as problematic. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num_langs can lead to out-of-bounds read.
This vulnerability is registered as CVE-2026-15185. The attack needs to be launched locally. Furthermore, an exploit is available.
It is best practice to apply a patch to resolve this issue.
Two different commits were applied to fix this issue.VulDB Recent EntriesRead More