gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.Referenceshttps://github.com/gpac/gpac/issues/2173https://www.debian.org/security/2023/dsa-5411
