CVE-2023-2837

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2837
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2837.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-2837
Downstream
Published
2023-05-22T18:15:09Z
Modified
2025-10-16T09:39:26.870124Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview

v1.*

v1.0.0
v1.0.1

v2.*

v2.0.0
v2.2.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2023-2837-02353464",
        "source": "https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611",
        "signature_version": "v1",
        "target": {
            "function": "gf_xml_sax_parse_intern",
            "file": "src/utils/xml_parser.c"
        },
        "digest": {
            "function_hash": "107042462424685097066657672698452009753",
            "length": 1481.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2023-2837-758ebb04",
        "source": "https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611",
        "signature_version": "v1",
        "target": {
            "file": "src/utils/xml_parser.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "29821600007885591931671161813255595286",
                "91755883149385172217166193396792588862",
                "285244183166219245601938591780077498958",
                "128786744180456255638215608138458482971",
                "245243302057325866167817597118055189993",
                "87937416645504520652803081244695329486",
                "62909472909446825732989418340032288459",
                "126031901521107050396279044459581112471",
                "277121166220654773928901454056030518735",
                "271884619302320214851374337454713170776",
                "326017487012263456819528233658722143248",
                "99795615659351561987857698396311415857",
                "100797822154742973190745292037787829996"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2023-2837-e3366d77",
        "source": "https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611",
        "signature_version": "v1",
        "target": {
            "function": "xml_sax_parse",
            "file": "src/utils/xml_parser.c"
        },
        "digest": {
            "function_hash": "218785240103127314184520122087423732158",
            "length": 5341.0
        },
        "deprecated": false
    }
]