{"id":"CVE-2023-4778","summary":"Out-of-bounds Read in gpac/gpac","details":"Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.","modified":"2026-04-12T06:44:46.046978Z","published":"2023-09-05T15:43:08.880Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4778.json","cna_assigner":"@huntrdev","cwe_ids":["CWE-125"]},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4778.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4778"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"d553698050af478049e1a09e44a15ac884f223ed"}]},{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"d553698050af478049e1a09e44a15ac884f223ed"}]}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0","v2.0.0","v2.2.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed","deprecated":false,"target":{"file":"src/scene_manager/loader_bt.c","function":"gf_bt_get_next"},"signature_version":"v1","signature_type":"Function","digest":{"length":868,"function_hash":"230134720892760684939858539408585715289"},"id":"CVE-2023-4778-3564d4e5"},{"source":"https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed","deprecated":false,"target":{"file":"src/scene_manager/loader_bt.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["100413094920177152341376416674574170635","63440599427467065764538575598629665345","85432117031290189015682660265852129462","21544235751966140380903477518354757918","3087079466370165389452001273097048314","306315440371083196416921624408844565340","40208917660233398364311770157999759261","127868760706416110938306207912582289314","246484537466226029409609592432193109684"]},"id":"CVE-2023-4778-72a48e68"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4778.json","vanir_signatures_modified":"2026-04-12T06:44:46Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3-dev"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}