CVE-2021-32134

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32134
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32134.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32134
Downstream
Published
2021-09-13T14:15:07Z
Modified
2025-10-15T13:00:48.864994Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The gfodfdesc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
328c6d682698fdb9878dbb4f282963d42c538c01

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview

v1.*

v1.0.0
v1.0.1

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "87072219664471274798554866882311369503",
                "207158702629642190162405660877666902686",
                "163030991247463781032938131914321542933",
                "85838730661212457046792921343216419498"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/sample_descs.c"
        },
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01",
        "signature_version": "v1",
        "id": "CVE-2021-32134-099477fe"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "280464005980807966983223668338836809583",
                "177317867793215790163767223280943261146",
                "275100130490130147649394305227730710100",
                "187997221223575016539940588906499039641",
                "53890182605041850024473347182752467821",
                "301924470615395115807822787547036074710",
                "130826973380456527187629354652526239018",
                "229428091119466963212153486538828952166",
                "202335159113143904031987904145810713501",
                "42611977538667510893346162142550358251",
                "5437114158931408429682475279803496202",
                "204747729719890556792491864182744427188",
                "337368547750792979774254460655613692950",
                "95759981727036207863138444184268138765",
                "180050776445967646781892804650952765961",
                "123565105528976650707319139922502560797",
                "141922793458072470451972499714448521388",
                "254418367653906172106377897411894889441",
                "71437196154558579487509445326925646550",
                "150671501693911753481019918483312620881",
                "258582731116713097680500444875964568696",
                "100792552604973906518581014779105927142",
                "10089332688609058064160621683646776578",
                "258684800918564886709572745592597898303",
                "261089947235277630759996435395977986091",
                "37408124665596274468355930276680345147",
                "6062417801588791057623790818858982762",
                "327084257933034748867894985416211628450",
                "281621772201461256718693896720232937129",
                "230529681443144546361435389877537708921",
                "40551894791657388043750221128768569338",
                "233196124143064350256618271450170326001",
                "95960035853597975051923666780446752430",
                "32758502968098233758170375661545250828",
                "78446945697072918088426932192966153170",
                "57054748715437539599704094114408988356",
                "291706511586069067641377217790805083001",
                "271474999852878476301928220416746624639",
                "137839219090807089605659224088176996959",
                "223116913534534754451056593911430687007",
                "268165545832650133843805928884131194998",
                "62348698858314388173514646694180370607",
                "146489792757057107023238789166066167092",
                "90794276715618589575283650714958064377",
                "44107222797121741950217286364669846075",
                "263295828365002110603823291052715600131",
                "296474375902069687392969880697393672395",
                "295311621536101089088535859507321112023",
                "171553907365579308913393718784827324093",
                "266361721007171979652413554996128081938",
                "324079455570120593743861811807855169656",
                "283463624580017117468945801811815469721",
                "337304998426971884920615737393115840846",
                "313438546838596492031519816560537123644",
                "311706240244063454148881731212090319493",
                "116389834731367105953709398289971641442",
                "126548158438050624594355507448815853747",
                "67323124644130908704250754961333399895",
                "131523046345369069608379328911584948212",
                "301938327520717531497849278420635405567",
                "233256866071501419070830335462160708796",
                "144624584555433153269044691625541872781",
                "286314466421499469751221026383571996374",
                "155514651354618079264387827793530773814"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/media.c"
        },
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01",
        "signature_version": "v1",
        "id": "CVE-2021-32134-31b5da29"
    },
    {
        "digest": {
            "length": 192.0,
            "function_hash": "154020296050216148428272513751844233621"
        },
        "signature_type": "Function",
        "target": {
            "function": "encs_box_new",
            "file": "src/isomedia/box_code_base.c"
        },
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01",
        "signature_version": "v1",
        "id": "CVE-2021-32134-68c9c517"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "197288316911690542518520716819100671160",
                "260612245045599712417540369120044700223",
                "255750778325969247400339365459778353457",
                "304916394630598416007631795272529488408",
                "295738874752992681844451253110263359529",
                "70497586339727161998018853392359494378",
                "255750778325969247400339365459778353457",
                "294347008878696761029920893640384067969"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/box_code_base.c"
        },
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01",
        "signature_version": "v1",
        "id": "CVE-2021-32134-6c7dbe87"
    },
    {
        "digest": {
            "length": 192.0,
            "function_hash": "231398354485610247120547426305154254360"
        },
        "signature_type": "Function",
        "target": {
            "function": "mp4s_box_new",
            "file": "src/isomedia/box_code_base.c"
        },
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01",
        "signature_version": "v1",
        "id": "CVE-2021-32134-db1c5cfe"
    },
    {
        "digest": {
            "length": 8480.0,
            "function_hash": "196710305299743351416407136493841828926"
        },
        "signature_type": "Function",
        "target": {
            "function": "Media_GetESD",
            "file": "src/isomedia/media.c"
        },
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01",
        "signature_version": "v1",
        "id": "CVE-2021-32134-ea32a9c2"
    }
]