{"id":"CVE-2023-5377","summary":"Out-of-bounds Read in gpac/gpac","details":"Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.","modified":"2026-04-02T09:46:49.137625Z","published":"2023-10-04T09:53:52.991Z","database_specific":{"cwe_ids":["CWE-125"],"cna_assigner":"@huntrdev","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5377.json"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5377.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5377"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"b34e3851670f4398a4e2efcb86b30a8b07743212"},{"fixed":"8e9d6b38c036a97020c462ad48e1132e0ddc57ce"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.8.0","v0.8.1","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1","v2.0.0","v2.2.0","v2.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5377.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["206149140974794988691560744896241078852","172018749775566593981541193109531147138","112172227120341694852368187123895731167","306781857209406121489092738392311731271","21678994370170228093536046448415743348","321808431412363406510170943205169366750","167545028061417434865613714348709121930","207891100070401110118464375570528600007","312921898786311993404857047960632963692","177507639425821256593547932331649833184","34310841718963014481027105603923537514","332212226161425728843404499971330256525","84431582940323312944246989518699976974","132767221064338722814148577232202250150","143500007776647864042628061080033365789","338732402945292496144543140389044472857","17359451600276719580951907222323746810","254791279033884040698732341675081375324","222886452536659440600255198835744917005","130627198915037944498716875052553661221","86598780336386449086195450619351077313","126914261124287535914335427335691682554","208358054153882082500963067975601003580","218926890067045696623748151182555730457","85224240819622843816056512455117381038","122189976602705254337377162778515922713","236691050852660505868259251794093270094","211910093668259319780737642818758484814","130863125925713933280868198467725620019","134139530017887630747042809390163723535","229137895603731752904956756092575506835","90759316681171635029716370370827978736","94446263886385193219838162414253559359","103745099420506681117150321204504441387","329494668979350027669419724801400887933","275149531077868417907525387515673844659","145063908485132834571693963095208969567","221823261087616069085944278557335352739","113555840884045375608292284261732554227","9506084924634820964735430509197823651","269602378032068922394585924323145049831","8038557124902460571155795133678067783","49339965177806179238321902631505360522","133507769395141436348392221582685909281","152709233406148329813702607866161657557","338154652417480415937574395957140240880","205081153350493655061584411965497289857","49154873013523313121484379327412399603","231933617240262180759533123403750851681","130340087982401410893278553736843203917","133746531562187547941475976141960534835","6096911702232115005716153085074360465","186353405227279620696082451748895914269"]},"signature_version":"v1","id":"CVE-2023-5377-25c38c9e","deprecated":false,"source":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce","signature_type":"Line","target":{"file":"src/isomedia/box_code_base.c"}},{"digest":{"function_hash":"105507188906414026886356362809184535521","length":499},"signature_version":"v1","id":"CVE-2023-5377-2d60c96e","deprecated":false,"source":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce","signature_type":"Function","target":{"file":"src/isomedia/box_code_base.c","function":"chnl_box_size"}},{"digest":{"threshold":0.9,"line_hashes":["176719652750588591703736348680250146090","304370562687795239577460394394911952356","168635309321811475422617135382090616599","279834521031967599611900398898174227553","77319512873902113118712124384756448288"]},"signature_version":"v1","id":"CVE-2023-5377-8e675139","deprecated":false,"source":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce","signature_type":"Line","target":{"file":"include/gpac/isomedia.h"}},{"digest":{"function_hash":"95138547818420596937865034202945406798","length":890},"signature_version":"v1","id":"CVE-2023-5377-a80c8698","deprecated":false,"source":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce","signature_type":"Function","target":{"file":"src/isomedia/box_code_base.c","function":"chnl_box_write"}},{"digest":{"threshold":0.9,"line_hashes":["145564815963863915996929537355581249390","55492130042473762977376947404562800372","287815202433544572733386558912109943745"]},"signature_version":"v1","id":"CVE-2023-5377-b0187815","deprecated":false,"source":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce","signature_type":"Line","target":{"file":"src/isomedia/isom_write.c"}},{"digest":{"function_hash":"169793408401767600714959475731249187751","length":1500},"signature_version":"v1","id":"CVE-2023-5377-b4d988b4","deprecated":false,"source":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce","signature_type":"Function","target":{"file":"src/isomedia/isom_write.c","function":"gf_isom_set_audio_layout"}},{"digest":{"function_hash":"321282034388334425073874682755753976437","length":1209},"signature_version":"v1","id":"CVE-2023-5377-de4eef4f","deprecated":false,"source":"https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce","signature_type":"Function","target":{"file":"src/isomedia/box_code_base.c","function":"chnl_box_read"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}