{"id":"CVE-2023-3523","summary":"Out-of-bounds Read in gpac/gpac","details":"Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.","modified":"2026-04-12T05:13:22.711548Z","published":"2023-07-06T09:53:48.451Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3523.json","cwe_ids":["CWE-125"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3523.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3523"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"b34e3851670f4398a4e2efcb86b30a8b07743212"},{"fixed":"64201a26476c12a7dbd7ffb5757743af6954db96"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0","v2.0.0","v2.2.0","v2.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3523.json","vanir_signatures_modified":"2026-04-12T05:13:22Z","vanir_signatures":[{"digest":{"line_hashes":["108805762841294666567066867363971265417","175064610102291190834787840716251255891","102807871828859703830760281279370224651","126409606091405734615489264132638627449","155693648515190038418124816227225422536","17029290805764768861345649887488427716","297961433697352817327855776823770730146","265425594480860355179325696082247026564","210830522244621923452574265864009426775"],"threshold":0.9},"source":"https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96","signature_version":"v1","target":{"file":"src/media_tools/vobsub.c"},"deprecated":false,"signature_type":"Line","id":"CVE-2023-3523-09829075"},{"digest":{"function_hash":"194737238988612868749248522644574555743","length":4451},"source":"https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96","signature_version":"v1","target":{"file":"src/media_tools/vobsub.c","function":"vobsub_read_idx"},"deprecated":false,"signature_type":"Function","id":"CVE-2023-3523-4cdb2bbf"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}]}