{"id":"CVE-2022-27145","details":"GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.","modified":"2026-04-11T22:01:38.309808Z","published":"2022-04-08T16:15:08.327Z","references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5411"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/2108"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"418db4149af78773815b5f6a7030a120037ba140"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.0"}]}}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T22:01:38Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27145.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2022-27145-00ec9c94","signature_type":"Function","source":"https://github.com/gpac/gpac/commit/418db4149af78773815b5f6a7030a120037ba140","digest":{"length":2924,"function_hash":"331609225902553284938660782849123559724"},"deprecated":false,"target":{"function":"gf_cfg_init","file":"src/utils/os_config_init.c"}},{"signature_version":"v1","id":"CVE-2022-27145-84a001c2","signature_type":"Line","source":"https://github.com/gpac/gpac/commit/418db4149af78773815b5f6a7030a120037ba140","digest":{"threshold":0.9,"line_hashes":["253854454906731252594870579307233588965","179864446493625039430457959093405636565","157047988769606476955262936216865999399","25205688373900634743508465492002274847"]},"deprecated":false,"target":{"file":"src/utils/os_config_init.c"}},{"signature_version":"v1","id":"CVE-2022-27145-abddd526","signature_type":"Function","source":"https://github.com/gpac/gpac/commit/418db4149af78773815b5f6a7030a120037ba140","digest":{"length":1136,"function_hash":"116287927203832314234354772323596679187"},"deprecated":false,"target":{"function":"PrintUsage","file":"applications/mp4client/main.c"}},{"signature_version":"v1","id":"CVE-2022-27145-dde39a3b","signature_type":"Line","source":"https://github.com/gpac/gpac/commit/418db4149af78773815b5f6a7030a120037ba140","digest":{"threshold":0.9,"line_hashes":["110287411499135302499254568127786275886","196881605958314966606044579045527764763","211928352066196418331258856473204866912","280195963159516847825224043850516008460"]},"deprecated":false,"target":{"file":"applications/mp4client/main.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}