CVE-2018-20763

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-20763
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20763.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-20763
Downstream
Related
Published
2019-02-06T23:29:00Z
Modified
2025-10-15T09:33:29.756626Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In GPAC 0.7.1 and earlier, gftextgetutf8line in mediatools/textimport.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2018-20763-0c29edbf",
        "source": "https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd",
        "digest": {
            "line_hashes": [
                "235702769480343034047313307639867929372",
                "298928794883382357300699956659113967154",
                "283233233962778744132558282529870065260",
                "261649621933077853379697878440446239229",
                "209122548994202013972892363222986092398",
                "157103700044101798836924666133282197355",
                "77832819178956115580584191482867065946",
                "56209112334828745132090168832632497091",
                "137375472079180793971770531026869947605",
                "195315605255369778016337143193813292712",
                "214754182885975121674607553813628597623",
                "23961833882725610463043495768955370299",
                "265230746935875774132342683357985428857",
                "76230474250890766558331649731950128273",
                "94472278752800392215224315628663558210",
                "134178486260690025415349272322307926274",
                "147553584935692870276770969616666577476",
                "65124336648228577208037481376828722769",
                "266827819259793730333505711717079654629",
                "23961833882725610463043495768955370299",
                "77080554615371308706935803686578556245",
                "168943579593236440155985016254807639626",
                "31010115283356593223980664162603313666",
                "266096898231188492742702051014394822896",
                "147553584935692870276770969616666577476",
                "65124336648228577208037481376828722769",
                "266827819259793730333505711717079654629",
                "147553584935692870276770969616666577476",
                "65124336648228577208037481376828722769",
                "266827819259793730333505711717079654629",
                "214105679552662673944552391824802791071",
                "262576188187337993863662097599105472555",
                "55784920846740878347562072204044441237",
                "243819461520684621562509849593099102113",
                "198662757964263096721946816481483744853",
                "12443160771385687458284800780302201977",
                "337816182281328089146853371250597890581",
                "30803333429749014220767763654088652920",
                "185297088032491927760805274958894238799",
                "241555821475532646140450827136007587960",
                "252317077949574753053110711139019258299",
                "80974710525190027134921846266571567529"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "target": {
            "file": "src/media_tools/text_import.c"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2018-20763-5a745480",
        "source": "https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd",
        "digest": {
            "length": 30404.0,
            "function_hash": "281025805913083021418832044241657820068"
        },
        "deprecated": false,
        "target": {
            "function": "mp4client_main",
            "file": "applications/mp4client/main.c"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2018-20763-6880280e",
        "source": "https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd",
        "digest": {
            "line_hashes": [
                "11282892316815077540715522874343051045",
                "321451481839818683466808837788964696340",
                "4781963087568550356061380529387122892",
                "6629588720377507639568403093347739496"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "target": {
            "file": "applications/mp4client/main.c"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2018-20763-ceb79c84",
        "source": "https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd",
        "digest": {
            "length": 1668.0,
            "function_hash": "234952272341952137755574601918750826876"
        },
        "deprecated": false,
        "target": {
            "function": "gf_text_get_utf8_line",
            "file": "src/media_tools/text_import.c"
        },
        "signature_type": "Function"
    }
]