{"id":"CVE-2023-0818","summary":"Off-by-one Error in gpac/gpac","details":"Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.","modified":"2026-04-30T16:30:54.806141Z","published":"2023-02-13T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0818.json","cwe_ids":["CWE-193"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0818.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0818"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5411"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"377ab25f3e502db2934a9cf4b54739e1c89a02ff"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0","v2.0.0","v2.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0818.json","vanir_signatures":[{"digest":{"length":1796,"function_hash":"322926542486292089071506824307167294455"},"deprecated":false,"target":{"function":"gf_text_get_utf8_line","file":"src/filters/load_text.c"},"source":"https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff","signature_version":"v1","signature_type":"Function","id":"CVE-2023-0818-198bbc22"},{"digest":{"threshold":0.9,"line_hashes":["283233233962778744132558282529870065260","261649621933077853379697878440446239229","209122548994202013972892363222986092398","157103700044101798836924666133282197355","77832819178956115580584191482867065946","56209112334828745132090168832632497091","137375472079180793971770531026869947605","195315605255369778016337143193813292712","214754182885975121674607553813628597623","23961833882725610463043495768955370299","265230746935875774132342683357985428857","76230474250890766558331649731950128273","94472278752800392215224315628663558210","134178486260690025415349272322307926274","77080554615371308706935803686578556245","168943579593236440155985016254807639626","31010115283356593223980664162603313666","266096898231188492742702051014394822896","198662757964263096721946816481483744853","12443160771385687458284800780302201977","337816182281328089146853371250597890581","127848686430145975534723218453937392824","286048946391480278915647109261504942541","260418044081439508942616133683955859338","10388832646926770454574616562621126591","26196327428444164013561834409301239604","86841968666241094164180006565847185774","23101965303127379110632218845141614687"]},"deprecated":false,"target":{"file":"src/filters/load_text.c"},"source":"https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff","signature_version":"v1","signature_type":"Line","id":"CVE-2023-0818-f3787b25"}],"vanir_signatures_modified":"2026-04-30T16:30:54Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}