What is CVE-2026-33144?

CVE-2026-33144 is a medium-severity vulnerability in Gpac, classified under Out-of-bounds Write. CVSS score: 5.8/10. Published 2026-03-20.

How severe is CVE-2026-33144?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Buffer overflow in Gpac

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (8.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H.

Affected products

Gpac — versions < 86b0e36ea4c71402fbdaf7e13d73ba8841003e72

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

https://github.com/gpac/gpac/security/advisories/GHSA-3jw5-9pmw-vmfg (x_refsource_CONFIRM)
https://github.com/gpac/gpac/commit/86b0e36ea4c71402fbdaf7e13d73ba8841003e72 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33144?: CVE-2026-33144 is a medium-severity vulnerability in Gpac, classified under Out-of-bounds Write. CVSS score: 5.8/10. Published 2026-03-20.
How severe is CVE-2026-33144?: Medium severity. CVSS v3 base score is 5.8 out of 10.