CVE-2023-5377

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-5377

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5377.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-5377

Downstream

DEBIAN-CVE-2023-5377

UBUNTU-CVE-2023-5377

Published

2023-10-04T10:15:10Z

Modified

2025-10-21T17:08:11.716264Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type: GIT
Repo: https://github.com/gpac/gpac
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8e9d6b38c036a97020c462ad48e1132e0ddc57ce

Affected versions

v0.*

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.9.0-preview

v1.*

v1.0.0

v1.0.1

v2.*

v2.0.0

v2.2.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
        "digest": {
            "line_hashes": [
                "206149140974794988691560744896241078852",
                "172018749775566593981541193109531147138",
                "112172227120341694852368187123895731167",
                "306781857209406121489092738392311731271",
                "21678994370170228093536046448415743348",
                "321808431412363406510170943205169366750",
                "167545028061417434865613714348709121930",
                "207891100070401110118464375570528600007",
                "312921898786311993404857047960632963692",
                "177507639425821256593547932331649833184",
                "34310841718963014481027105603923537514",
                "332212226161425728843404499971330256525",
                "84431582940323312944246989518699976974",
                "132767221064338722814148577232202250150",
                "143500007776647864042628061080033365789",
                "338732402945292496144543140389044472857",
                "17359451600276719580951907222323746810",
                "254791279033884040698732341675081375324",
                "222886452536659440600255198835744917005",
                "130627198915037944498716875052553661221",
                "86598780336386449086195450619351077313",
                "126914261124287535914335427335691682554",
                "208358054153882082500963067975601003580",
                "218926890067045696623748151182555730457",
                "85224240819622843816056512455117381038",
                "122189976602705254337377162778515922713",
                "236691050852660505868259251794093270094",
                "211910093668259319780737642818758484814",
                "130863125925713933280868198467725620019",
                "134139530017887630747042809390163723535",
                "229137895603731752904956756092575506835",
                "90759316681171635029716370370827978736",
                "94446263886385193219838162414253559359",
                "103745099420506681117150321204504441387",
                "329494668979350027669419724801400887933",
                "275149531077868417907525387515673844659",
                "145063908485132834571693963095208969567",
                "221823261087616069085944278557335352739",
                "113555840884045375608292284261732554227",
                "9506084924634820964735430509197823651",
                "269602378032068922394585924323145049831",
                "8038557124902460571155795133678067783",
                "49339965177806179238321902631505360522",
                "133507769395141436348392221582685909281",
                "152709233406148329813702607866161657557",
                "338154652417480415937574395957140240880",
                "205081153350493655061584411965497289857",
                "49154873013523313121484379327412399603",
                "231933617240262180759533123403750851681",
                "130340087982401410893278553736843203917",
                "133746531562187547941475976141960534835",
                "6096911702232115005716153085074360465",
                "186353405227279620696082451748895914269"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/isomedia/box_code_base.c"
        },
        "id": "CVE-2023-5377-25c38c9e",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
        "digest": {
            "function_hash": "105507188906414026886356362809184535521",
            "length": 499.0
        },
        "target": {
            "function": "chnl_box_size",
            "file": "src/isomedia/box_code_base.c"
        },
        "id": "CVE-2023-5377-2d60c96e",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
        "digest": {
            "line_hashes": [
                "176719652750588591703736348680250146090",
                "304370562687795239577460394394911952356",
                "168635309321811475422617135382090616599",
                "279834521031967599611900398898174227553",
                "77319512873902113118712124384756448288"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/gpac/isomedia.h"
        },
        "id": "CVE-2023-5377-8e675139",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
        "digest": {
            "function_hash": "95138547818420596937865034202945406798",
            "length": 890.0
        },
        "target": {
            "function": "chnl_box_write",
            "file": "src/isomedia/box_code_base.c"
        },
        "id": "CVE-2023-5377-a80c8698",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
        "digest": {
            "line_hashes": [
                "145564815963863915996929537355581249390",
                "55492130042473762977376947404562800372",
                "287815202433544572733386558912109943745"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/isomedia/isom_write.c"
        },
        "id": "CVE-2023-5377-b0187815",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
        "digest": {
            "function_hash": "169793408401767600714959475731249187751",
            "length": 1500.0
        },
        "target": {
            "function": "gf_isom_set_audio_layout",
            "file": "src/isomedia/isom_write.c"
        },
        "id": "CVE-2023-5377-b4d988b4",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
        "digest": {
            "function_hash": "321282034388334425073874682755753976437",
            "length": 1209.0
        },
        "target": {
            "function": "chnl_box_read",
            "file": "src/isomedia/box_code_base.c"
        },
        "id": "CVE-2023-5377-de4eef4f",
        "deprecated": false,
        "signature_type": "Function"
    }
]