{"id":"CVE-2023-4756","summary":"Stack-based Buffer Overflow in gpac/gpac","details":"Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.","modified":"2026-04-12T06:44:49.522049Z","published":"2023-09-04T08:24:56.615Z","database_specific":{"cwe_ids":["CWE-121"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4756.json","cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4756.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4756"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"6914d016e2b540bac2c471c4aea156ddef8e8e01"}]},{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"6914d016e2b540bac2c471c4aea156ddef8e8e01"}]}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0","v2.0.0","v2.2.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","id":"CVE-2023-4756-bae29837","source":"https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01","digest":{"length":7238,"function_hash":"248969471670354423913633833643448318600"},"signature_version":"v1","target":{"function":"gf_bt_check_line","file":"src/scene_manager/loader_bt.c"}},{"deprecated":false,"signature_type":"Line","id":"CVE-2023-4756-e48e1b97","source":"https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01","digest":{"line_hashes":["159980883770019638156314446817634402497","177691367290579395854467380098755301776","177547609927727253232917970462317179226","106799466234984483722179104676976705206","192858067282737056496419545910395749718","209793702161040535968236786835585921436","337238617098004924347294413228698578708","242153535204094392994649042168891423440","224157320800109348735711292323651055671","50650812290744805346066813341934454298","282066337774628935860786118948460123407","261542863855760504059832236557960043282","138114858756252476810517500589087291066","81670259513898047699039334091588162365","154058914503412685594814357024180272659","49933698396067619365573851390073859167","216552187568122321869877685895911600229","187927402125930479632204714895315874837","259803232686737589915358931485226653714","34484451110572194430845707527561756871","306310920425379990060806065370557013959","253100823954240397805525734881280879802","34620981024414339371734869872502791732","152866302972597861012534317415554917024"],"threshold":0.9},"signature_version":"v1","target":{"file":"src/scene_manager/loader_bt.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4756.json","vanir_signatures_modified":"2026-04-12T06:44:49Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}