{"id":"CVE-2023-4681","summary":"NULL Pointer Dereference in gpac/gpac","details":"NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.","modified":"2026-04-12T06:44:46.604890Z","published":"2023-08-31T15:53:57.302Z","database_specific":{"cwe_ids":["CWE-476"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4681.json","cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4681.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4681"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c"}]},{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c"}]}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0","v2.0.0","v2.2.0"],"database_specific":{"vanir_signatures_modified":"2026-04-12T06:44:46Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4681.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3"}]}],"vanir_signatures":[{"target":{"file":"src/media_tools/avilib.c"},"digest":{"line_hashes":["228956266563924741886740150879537441456","157540797212257222240083828884761253156","116172836651915470948300612486841254589","88491430940312502646771770048619014558","194593519514902413965566947488507846525","273145753119662300140694403204693636962","230505140121577373572271627318909471237","232299734524447109478139946560074476214","214104429934311726085184461235661344267","271178065846468879031115438007263132210","247537365570284107494589392108281692012","64229793497433106111947707583689990757","24377845455796407719613160504693210831","210557609025033656986587075276061767250","196727431287376977213027382049056452800","299835963184893928933349357592395835141","221870031796412493126553799470467452625","316535529774463693203795228286518271278","108335707822795324830199571513564043136","45449172542539404444772187844251282"],"threshold":0.9},"source":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2023-4681-194c022b"},{"target":{"file":"src/media_tools/mpeg2_ps.c"},"digest":{"line_hashes":["333504724465654407576826987962729524375","63003032487709101724183089140208468991","317542600815826085559399540722027009317","80899570522104376489311998158595595238","221050957040532270980123398562258982786","16384574690274658641345153075672388708","44756458142263959920915779039832215093","306127255901830898402327154963475387826"],"threshold":0.9},"source":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2023-4681-61edeaed"},{"target":{"function":"get_info_from_frame","file":"src/media_tools/mpeg2_ps.c"},"digest":{"length":1193,"function_hash":"7825223821165836161230033993159711725"},"source":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2023-4681-622f7433"},{"target":{"function":"avi_parse_input_file","file":"src/media_tools/avilib.c"},"digest":{"length":25612,"function_hash":"207832194469358567883166047078125262788"},"source":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2023-4681-83b6ab1a"},{"target":{"file":"src/filters/dasher.c"},"digest":{"line_hashes":["203266839199215303245917129155627550062","325603647669302415240279831467064297018","176372028692163430206160807564606150662","38951229708949324394289918342158240055","99913726557001578715241780492202307062","80628206526510407134383912321569199643","150836974687510789756420629426542650072","145659660232263937290866761332998721826"],"threshold":0.9},"source":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2023-4681-e8805331"},{"target":{"function":"dasher_process","file":"src/filters/dasher.c"},"digest":{"length":29994,"function_hash":"162186237146227738599300456452558245522"},"source":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2023-4681-ed163667"},{"target":{"function":"get_info_for_all_streams","file":"src/media_tools/mpeg2_ps.c"},"digest":{"length":1269,"function_hash":"103095650508534260330103376065416736906"},"source":"https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2023-4681-f633dbcf"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}