{"id":"CVE-2018-20763","details":"In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.","modified":"2026-02-23T08:12:55.399282Z","published":"2019-02-06T23:29:00.417Z","related":["MGASA-2019-0146"],"references":[{"type":"ADVISORY","url":"https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd"},{"type":"ADVISORY","url":"https://github.com/gpac/gpac/issues/1188"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3926-1/"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1188"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd"}]}],"versions":["v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd","signature_type":"Line","deprecated":false,"target":{"file":"src/media_tools/text_import.c"},"id":"CVE-2018-20763-0c29edbf","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["235702769480343034047313307639867929372","298928794883382357300699956659113967154","283233233962778744132558282529870065260","261649621933077853379697878440446239229","209122548994202013972892363222986092398","157103700044101798836924666133282197355","77832819178956115580584191482867065946","56209112334828745132090168832632497091","137375472079180793971770531026869947605","195315605255369778016337143193813292712","214754182885975121674607553813628597623","23961833882725610463043495768955370299","265230746935875774132342683357985428857","76230474250890766558331649731950128273","94472278752800392215224315628663558210","134178486260690025415349272322307926274","147553584935692870276770969616666577476","65124336648228577208037481376828722769","266827819259793730333505711717079654629","23961833882725610463043495768955370299","77080554615371308706935803686578556245","168943579593236440155985016254807639626","31010115283356593223980664162603313666","266096898231188492742702051014394822896","147553584935692870276770969616666577476","65124336648228577208037481376828722769","266827819259793730333505711717079654629","147553584935692870276770969616666577476","65124336648228577208037481376828722769","266827819259793730333505711717079654629","214105679552662673944552391824802791071","262576188187337993863662097599105472555","55784920846740878347562072204044441237","243819461520684621562509849593099102113","198662757964263096721946816481483744853","12443160771385687458284800780302201977","337816182281328089146853371250597890581","30803333429749014220767763654088652920","185297088032491927760805274958894238799","241555821475532646140450827136007587960","252317077949574753053110711139019258299","80974710525190027134921846266571567529"]}},{"source":"https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd","signature_type":"Function","deprecated":false,"target":{"function":"mp4client_main","file":"applications/mp4client/main.c"},"id":"CVE-2018-20763-5a745480","signature_version":"v1","digest":{"function_hash":"281025805913083021418832044241657820068","length":30404}},{"source":"https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd","signature_type":"Line","deprecated":false,"target":{"file":"applications/mp4client/main.c"},"id":"CVE-2018-20763-6880280e","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["11282892316815077540715522874343051045","321451481839818683466808837788964696340","4781963087568550356061380529387122892","6629588720377507639568403093347739496"]}},{"source":"https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd","signature_type":"Function","deprecated":false,"target":{"function":"gf_text_get_utf8_line","file":"src/media_tools/text_import.c"},"id":"CVE-2018-20763-ceb79c84","signature_version":"v1","digest":{"function_hash":"234952272341952137755574601918750826876","length":1668}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20763.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}