{"id":"CVE-2022-29339","details":"In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.","modified":"2026-04-12T06:00:18.492119Z","published":"2022-05-05T13:15:07.927Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"fixed":"2022-04-12"}]}]},"references":[{"type":"REPORT","url":"https://github.com/gpac/gpac/issues/2165"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"9ea93a2ec8f555ceed1ee27294cf94822f14f10f"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0","v2.0.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f","signature_version":"v1","digest":{"line_hashes":["27575333260924690271723913316090272038","64638723455000336939237518752767024593","253389244818062813510678942609131990342","279134304543995930010885174613407233724","90951849340193993840501071466260652457","325797938289522527109820330036149983210","78510171607874770445069673736675445370","10578607602837085915291224640341709624","306004570729267716097593832496510913697"],"threshold":0.9},"signature_type":"Line","id":"CVE-2022-29339-36320841","target":{"file":"src/utils/bitstream.c"}},{"deprecated":false,"source":"https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f","signature_version":"v1","digest":{"line_hashes":["32088175604351725917180542508950921817","238289934137728617752168701117016145753","176144163535163467443320558712025829705","338687548756205230613693655554673930840","144488879647433581182224668752128073225","280237386832865451553269162699834705268","197085688877277167196390899258792622269","213380009366960473395808344196122007297","50224566043393619122609006312934327307","119856942823941705326339822668129204990","188936008438504283206872159764526239387","192379792467368796067536764385559859933"],"threshold":0.9},"signature_type":"Line","id":"CVE-2022-29339-7d565072","target":{"file":"src/isomedia/avc_ext.c"}},{"deprecated":false,"source":"https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f","signature_version":"v1","digest":{"length":3022,"function_hash":"294544517170266289881408795606339015394"},"signature_type":"Function","id":"CVE-2022-29339-d0815737","target":{"file":"src/isomedia/avc_ext.c","function":"gf_isom_oinf_read_entry"}},{"deprecated":false,"source":"https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f","signature_version":"v1","digest":{"length":1702,"function_hash":"51057711861188235736429334094404599876"},"signature_type":"Function","id":"CVE-2022-29339-fa4d31b9","target":{"file":"src/utils/bitstream.c","function":"BS_ReadByte"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29339.json","vanir_signatures_modified":"2026-04-12T06:00:18Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}