{"id":"CVE-2018-20760","details":"In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.","modified":"2026-05-18T05:51:39.644641588Z","published":"2019-02-06T23:29:00.230Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"18.10"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux"},{"extracted_events":[{"last_affected":"8.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3926-1/"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1177"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"440d475f133038824dab08292b2e592ecd0e10b4"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"0.7.1"}],"cpe":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["v0.7.1","v0.7.0","v0.6.0","v0.5.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20760.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}