diff --git a/.github/workflows/build_linux.yml b/.github/workflows/build_linux.yml
index 4bb225cfb..51a1e5bcb 100644
--- a/.github/workflows/build_linux.yml
+++ b/.github/workflows/build_linux.yml
@@ -27,7 +27,7 @@ jobs:
     steps:
     - name: Install dependencies
       run: sudo apt update && sudo apt-get install libgpac-dev libtesseract-dev
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: build
       run: ./build
       working-directory: ./linux
@@ -38,7 +38,7 @@ jobs:
       run: mkdir ./linux/artifacts
     - name: Copy release artifact
       run: cp ./linux/ccextractor ./linux/artifacts/
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@v4
       with:
         name: CCExtractor Linux build
         path: ./linux/artifacts
@@ -47,7 +47,7 @@ jobs:
     steps:
     - name: Install dependencies
       run: sudo apt update && sudo apt-get install libgpac-dev
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: run autogen
       run: ./autogen.sh
       working-directory: ./linux
@@ -65,7 +65,7 @@ jobs:
     steps:
     - name: Install dependencies
       run: sudo apt update && sudo apt-get install libgpac-dev
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: cmake
       run: mkdir build && cd build && cmake ../src
     - name: build
@@ -76,7 +76,7 @@ jobs:
   cmake_ocr_hardsubx:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install dependencies
       run: sudo apt update && sudo apt install libgpac-dev libtesseract-dev libavformat-dev libavdevice-dev libswscale-dev yasm
     - name: cmake
@@ -94,7 +94,7 @@ jobs:
     steps:
       - name: Install dependencies
         run: sudo apt update && sudo apt-get install libgpac-dev
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: cache 
         uses: actions/cache@v3
         with:
diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml
index 219704e6a..135d1e622 100644
--- a/.github/workflows/build_mac.yml
+++ b/.github/workflows/build_mac.yml
@@ -27,7 +27,7 @@ jobs:
     steps:
     - name: Install dependencies
       run: brew install pkg-config autoconf automake libtool tesseract leptonica gpac
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: build
       run: ./build.command
       working-directory: ./mac
@@ -38,14 +38,14 @@ jobs:
       run: mkdir ./mac/artifacts
     - name: Copy release artifact
       run: cp ./mac/ccextractor ./mac/artifacts/
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@v4
       with:
         name: CCExtractor mac build
         path: ./mac/artifacts
   build_autoconf:
     runs-on: macos-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install dependencies
       run: brew install pkg-config autoconf automake libtool gpac
     - name: run autogen
@@ -63,10 +63,10 @@ jobs:
   cmake:
     runs-on: macos-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: dependencies
       run: brew install gpac
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: cmake
       run: mkdir build && cd build && cmake ../src
     - name: build
@@ -77,7 +77,7 @@ jobs:
   cmake_ocr_hardsubx:
     runs-on: macos-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install dependencies
       run: brew install pkg-config autoconf automake libtool tesseract leptonica gpac ffmpeg
     - name: cmake
@@ -93,7 +93,7 @@ jobs:
   build_rust:
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: cache 
         uses: actions/cache@v3
         with:
diff --git a/.github/workflows/build_windows.yml b/.github/workflows/build_windows.yml
index 37c793a92..3ecbf1c8b 100644
--- a/.github/workflows/build_windows.yml
+++ b/.github/workflows/build_windows.yml
@@ -25,7 +25,7 @@ jobs:
     runs-on: windows-2019
     steps:
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup MSBuild.exe
         uses: microsoft/setup-msbuild@v1.3.1
       - name: Install llvm and clang
@@ -57,7 +57,7 @@ jobs:
       - name: Display version information
         run: ./ccextractorwinfull.exe --version
         working-directory: ./windows/x64/Release-Full
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: CCExtractor Windows Release build
           path: |
@@ -67,7 +67,7 @@ jobs:
     runs-on: windows-2019
     steps:
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup MSBuild.exe
         uses: microsoft/setup-msbuild@v1.3.1
       - name: Install llvm and clang
@@ -99,7 +99,7 @@ jobs:
       - name: Display version information
         run: ./ccextractorwinfull.exe --version
         working-directory: ./windows/x64/Debug-Full
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: CCExtractor Windows Debug build
           path: |
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index 0cc02cb51..98d580264 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -19,7 +19,7 @@ jobs:
   format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Format code
         run: |
           find src/ -type f -not -path "src/thirdparty/*" -not -path "src/lib_ccx/zvbi/*" -name '*.c' -not -path "src/GUI/icon_data.c" | xargs clang-format -i
@@ -30,7 +30,7 @@ jobs:
       run:
         working-directory: ./src/rust
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: cache 
         uses: actions/cache@v3
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2a2d2f147..60ef7079a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: windows-latest
     steps:
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Get the version
       id: get_version
       run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/}
@@ -62,20 +62,20 @@ jobs:
       run:  wix build -ext "$HOME\.wix\extensions\WixToolset.UI.wixext\4.0.0-preview.0\tools\WixToolset.UI.wixext.dll" -d "AppVersion=${{ steps.get_version.outputs.VERSION }}.0.0" -o CCExtractor.msi installer.wxs
       working-directory: ./windows
     - name: Upload as asset
-      uses: AButler/upload-release-assets@v2.0
+      uses: AButler/upload-release-assets@v3.0
       with:
         files: './windows/CCExtractor.msi;./windows/CCExtractor_win_portable.zip'
         repo-token: ${{ secrets.GITHUB_TOKEN }} 
   create_linux_package:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           path: ./ccextractor
       - name: Create .tar.gz without git and windows folders
         run: tar -pczf ./ccextractor_minimal.tar.gz --exclude "ccextractor/windows" --exclude "ccextractor/.git" ccextractor
       - name: Upload as asset
-        uses: AButler/upload-release-assets@v2.0
+        uses: AButler/upload-release-assets@v3.0
         with:
           files: './ccextractor_minimal.tar.gz'
           repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/docs/CHANGES.TXT b/docs/CHANGES.TXT
index 5471ea1a9..214584c72 100644
--- a/docs/CHANGES.TXT
+++ b/docs/CHANGES.TXT
@@ -21,6 +21,7 @@
 - Fix: Repeated values for enums
 - Cleanup: Remove the (unmaintained) Nuklear GUI code
 - Cleanup: Reduce the amount of Windows build options in the project file
+- Fix: infinite loop in MP4 file type detector.
 
 0.94 (2021-12-14)
 -----------------
diff --git a/docs/COMPILATION.MD b/docs/COMPILATION.MD
index 7e91b73a6..7189f71f7 100644
--- a/docs/COMPILATION.MD
+++ b/docs/COMPILATION.MD
@@ -17,7 +17,7 @@ git clone https://github.com/CCExtractor/ccextractor.git
 Debian:
 
 ```bash
-sudo apt-get install -y libglew-dev libglfw3-dev cmake gcc libcurl4-gnutls-dev tesseract-ocr libtesseract-dev libleptonica-dev clang libclang-dev
+sudo apt-get install -y libgpac-dev libglew-dev libglfw3-dev cmake gcc libcurl4-gnutls-dev tesseract-ocr libtesseract-dev libleptonica-dev clang libclang-dev
 ```
 
 RHEL:
@@ -33,6 +33,8 @@ sudo paru -S glew glfw curl tesseract leptonica cmake gcc clang
 
 Rust 1.54 or above is also required. [Install Rust](https://www.rust-lang.org/tools/install). Check specific compilation methods below, on how to compile without rust.
 
+**Note:** On Ubuntu Version 23.10 (Mantic) and later, `libgpac-dev` isn't available, you should build gpac from source by following the easy build instructions [here](https://github.com/gpac/gpac/wiki/GPAC-Build-Guide-for-Linux)
+
 **Note:** On Ubuntu Version 18.04 (Bionic) and later, `libtesseract-dev` is installed rather than `tesseract-ocr-dev`, which does not exist anymore.
 
 **Note:** On Ubuntu Version 14.04 (Trusty) and earlier, you should build leptonica and tesseract from source
diff --git a/src/lib_ccx/mp4.c b/src/lib_ccx/mp4.c
index 1b5c45119..05df43fe0 100644
--- a/src/lib_ccx/mp4.c
+++ b/src/lib_ccx/mp4.c
@@ -51,6 +51,16 @@ static int process_avc_sample(struct lib_ccx_ctx *ctx, u32 timescale, GF_AVCConf
 	{
 		u32 nal_length;
 
+		if (i + c->nal_unit_size > s->dataLength)
+		{
+			mprint("Corrupted packet detected in process_avc_sample. dataLength "
+			       "%u is less than index %u + nal_unit_size %u. Ignoring.\n",
+			       s->dataLength, i, c->nal_unit_size);
+			// The packet is likely corrupted, it's unsafe to read this many bytes
+			// even to detect the length of the next `nal`. Ignoring this error,
+			// hopefully the outer loop in `process_avc_track` can recover.
+			return status;
+		}
 		switch (c->nal_unit_size)
 		{
 			case 1:
@@ -63,15 +73,28 @@ static int process_avc_sample(struct lib_ccx_ctx *ctx, u32 timescale, GF_AVCConf
 				nal_length = bswap32(*(long *)&s->data[i]);
 				break;
 		}
+		const u32 previous_index = i;
 		i += c->nal_unit_size;
+		if (i + nal_length <= previous_index || i + nal_length > s->dataLength)
+		{
+			mprint("Corrupted sample detected in process_avc_sample. dataLength %u "
+			       "is less than index %u + nal_unit_size %u + nal_length %u. Ignoring.\n",
+			       s->dataLength, previous_index, c->nal_unit_size, nal_length);
+			// The packet is likely corrupted, it's unsafe to procell nal_length bytes
+			// because they are past the sample end. Ignoring this error, hopefully
+			// the outer loop in `process_avc_track` can recover.
+			return status;
+		}
 
 		s_nalu_stats.total += 1;
-		s_nalu_stats.type[s->data[i] & 0x1F] += 1;
-
 		temp_debug = 0;
 
 		if (nal_length > 0)
+		{
+			// s->data[i] is only relevant and safe to access here.
+			s_nalu_stats.type[s->data[i] & 0x1F] += 1;
 			do_NAL(enc_ctx, dec_ctx, (unsigned char *)&(s->data[i]), nal_length, sub);
+		}
 		i += nal_length;
 	} // outer for
 	assert(i == s->dataLength);
diff --git a/src/lib_ccx/stream_functions.c b/src/lib_ccx/stream_functions.c
index dd1728d95..14d2372e8 100644
--- a/src/lib_ccx/stream_functions.c
+++ b/src/lib_ccx/stream_functions.c
@@ -99,7 +99,7 @@ void detect_stream_type(struct ccx_demuxer *ctx)
 		while (idx < ctx->startbytes_avail - 8)
 		{
 			// Check if we have a valid box
-			if (isValidMP4Box(ctx->startbytes, idx, &nextBoxLocation, &boxScore))
+			if (isValidMP4Box(ctx->startbytes, idx, &nextBoxLocation, &boxScore) && nextBoxLocation > idx)
 			{
 				idx = nextBoxLocation; // If the box is valid, a new box should be found on the next location... Not somewhere in between.
 				if (boxScore > 7)