{"id":"CVE-2019-20208","details":"dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.","modified":"2026-04-16T04:44:25.353816042Z","published":"2020-01-02T14:16:36.363Z","references":[{"type":"WEB","url":"https://github.com/gpac/gpac/blob/v0.5.2/src/isomedia/box_code_3gpp.c#L1100"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1348"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"cb0a053f47173556f193c2d996262d8c6aaac9bb"},{"last_affected":"6b4ab401297be43b57f9eddd675971a8a5feab44"},{"fixed":"bcfcb3e90476692fe0d2bb532ea8deeb2a77580e"}],"database_specific":{"versions":[{"introduced":"0.5.2"},{"last_affected":"0.8.0"}]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1","v0.8.0"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","digest":{"length":792,"function_hash":"267101714015547623690913367371328526954"},"id":"CVE-2019-20208-264a3cf2","deprecated":false,"target":{"function":"dimC_Read","file":"src/isomedia/box_code_3gpp.c"},"source":"https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e"},{"signature_version":"v1","signature_type":"Function","digest":{"length":1440,"function_hash":"340232248751195583711702154182087948597"},"id":"CVE-2019-20208-a64957e9","deprecated":false,"target":{"function":"av1_parse_tile_group","file":"src/media_tools/av_parsers.c"},"source":"https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e"},{"target":{"file":"src/media_tools/av_parsers.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["11049701244475237779126564003888030610","154188121443507541596554777864152861998","143853430433160951676677172260664553603"]},"signature_version":"v1","deprecated":false,"id":"CVE-2019-20208-bbd13e77","source":"https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e"},{"id":"CVE-2019-20208-cb0cae85","target":{"file":"src/isomedia/box_code_3gpp.c"},"digest":{"threshold":0.9,"line_hashes":["290916121066657946246643916078004638124","139629543009130235920786115429859115469","219428159513859071163693712510745714203","261277137494029647098211910788802170554"]},"source":"https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e","deprecated":false,"signature_version":"v1","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T09:39:51Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20208.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}