{"id":"CVE-2020-23928","details":"An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.","modified":"2026-04-11T11:23:18.781499Z","published":"2021-04-21T18:15:08.383Z","references":[{"type":"ADVISORY","url":"https://github.com/gpac/gpac/issues/1568"},{"type":"ADVISORY","url":"https://github.com/gpac/gpac/issues/1569"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3"},{"type":"ARTICLE","url":"https://cwe.mitre.org/data/definitions/126.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"d8538e8ae946b32d99c6b2c57cbb327146e9cd9d"},{"fixed":"8e05648d6b4459facbc783025c5c42d301fef5c3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.0.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"CVE-2020-23928-040aaef5","target":{"file":"src/isomedia/box_code_adobe.c","function":"abst_box_read"},"source":"https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3","digest":{"function_hash":"224329052296549846793002160328219614017","length":2965},"deprecated":false},{"signature_type":"Line","signature_version":"v1","id":"CVE-2020-23928-3e8f7045","target":{"file":"src/isomedia/box_code_adobe.c"},"source":"https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3","digest":{"line_hashes":["314450098367280310849354577419420946517","64683914037193031225924045831124023185","191435674754192633117331026067058159153","320789349979153142793911569853053630401"],"threshold":0.9},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-23928.json","vanir_signatures_modified":"2026-04-11T11:23:18Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}