Divide by Zero Vulnerability in GPAC TeXML File Handler
CVE-2026-14801

4.8MEDIUM

Key Information:

Vendor

GPAC

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-14801?

A vulnerability has been identified in the GPAC TeXML File Handler, specifically within the function txtin_probe_duration in the load_text.c file. This issue arises from improper handling of the argument txml_timescale, which can result in a divide by zero condition. Attackers must exploit this vulnerability locally, and a patch has been issued to address the problem, specifically commit 86a5191f2e750c767253e27ed6cfd6d547afebc2.

Affected Version(s)

GPAC 26.03-DEV-rev342-g80071f700-master

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fantasy_2026 (VulDB User)
.