CVE-2023-5377
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-5377
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5377.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-5377
- Downstream
- Published
- 2023-10-04T10:15:10Z
- Modified
- 2025-09-19T14:47:20.633593Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
- References
Affected packages
Git / github.com/gpac/gpac
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gpac/gpac
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v1.0.1
v2.*
v2.0.0
v2.2.0
Database specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"206149140974794988691560744896241078852",
"172018749775566593981541193109531147138",
"112172227120341694852368187123895731167",
"306781857209406121489092738392311731271",
"21678994370170228093536046448415743348",
"321808431412363406510170943205169366750",
"167545028061417434865613714348709121930",
"207891100070401110118464375570528600007",
"312921898786311993404857047960632963692",
"177507639425821256593547932331649833184",
"34310841718963014481027105603923537514",
"332212226161425728843404499971330256525",
"84431582940323312944246989518699976974",
"132767221064338722814148577232202250150",
"143500007776647864042628061080033365789",
"338732402945292496144543140389044472857",
"17359451600276719580951907222323746810",
"254791279033884040698732341675081375324",
"222886452536659440600255198835744917005",
"130627198915037944498716875052553661221",
"86598780336386449086195450619351077313",
"126914261124287535914335427335691682554",
"208358054153882082500963067975601003580",
"218926890067045696623748151182555730457",
"85224240819622843816056512455117381038",
"122189976602705254337377162778515922713",
"236691050852660505868259251794093270094",
"211910093668259319780737642818758484814",
"130863125925713933280868198467725620019",
"134139530017887630747042809390163723535",
"229137895603731752904956756092575506835",
"90759316681171635029716370370827978736",
"94446263886385193219838162414253559359",
"103745099420506681117150321204504441387",
"329494668979350027669419724801400887933",
"275149531077868417907525387515673844659",
"145063908485132834571693963095208969567",
"221823261087616069085944278557335352739",
"113555840884045375608292284261732554227",
"9506084924634820964735430509197823651",
"269602378032068922394585924323145049831",
"8038557124902460571155795133678067783",
"49339965177806179238321902631505360522",
"133507769395141436348392221582685909281",
"152709233406148329813702607866161657557",
"338154652417480415937574395957140240880",
"205081153350493655061584411965497289857",
"49154873013523313121484379327412399603",
"231933617240262180759533123403750851681",
"130340087982401410893278553736843203917",
"133746531562187547941475976141960534835",
"6096911702232115005716153085074360465",
"186353405227279620696082451748895914269"
]
},
"id": "CVE-2023-5377-25c38c9e",
"source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/isomedia/box_code_base.c"
},
"deprecated": false
},
{
"digest": {
"function_hash": "105507188906414026886356362809184535521",
"length": 499.0
},
"id": "CVE-2023-5377-2d60c96e",
"source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/isomedia/box_code_base.c",
"function": "chnl_box_size"
},
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"176719652750588591703736348680250146090",
"304370562687795239577460394394911952356",
"168635309321811475422617135382090616599",
"279834521031967599611900398898174227553",
"77319512873902113118712124384756448288"
]
},
"id": "CVE-2023-5377-8e675139",
"source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "include/gpac/isomedia.h"
},
"deprecated": false
},
{
"digest": {
"function_hash": "95138547818420596937865034202945406798",
"length": 890.0
},
"id": "CVE-2023-5377-a80c8698",
"source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/isomedia/box_code_base.c",
"function": "chnl_box_write"
},
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"145564815963863915996929537355581249390",
"55492130042473762977376947404562800372",
"287815202433544572733386558912109943745"
]
},
"id": "CVE-2023-5377-b0187815",
"source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/isomedia/isom_write.c"
},
"deprecated": false
},
{
"digest": {
"function_hash": "169793408401767600714959475731249187751",
"length": 1500.0
},
"id": "CVE-2023-5377-b4d988b4",
"source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/isomedia/isom_write.c",
"function": "gf_isom_set_audio_layout"
},
"deprecated": false
},
{
"digest": {
"function_hash": "321282034388334425073874682755753976437",
"length": 1209.0
},
"id": "CVE-2023-5377-de4eef4f",
"source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/isomedia/box_code_base.c",
"function": "chnl_box_read"
},
"deprecated": false
}
]
}