CVE-2021-32139

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32139
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32139.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32139
Downstream
Published
2021-09-13T20:15:08Z
Modified
2025-10-15T13:00:42.004687Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The gfisomvpconfigget function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d527325a9b72218612455a534a508f9e1753f76e

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview

v1.*

v1.0.0
v1.0.1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "target": {
            "function": "gf_isom_get_text_description",
            "file": "src/isomedia/tx3g.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "function_hash": "237968198025287730497278046080546756612",
            "length": 1910.0
        },
        "deprecated": false,
        "id": "CVE-2021-32139-16f79513",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/tx3g.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "314785598400476081907897238159561446937",
                "39297982965263165565234316539076606797",
                "34322946281552202088595959474532645289",
                "285107619871607307888591408733038828255",
                "257111622780443167208806087646289525885",
                "85185535301096179344231771274441173797",
                "279677124283244174790275238594249504435",
                "206864044985832265162432951056494300870",
                "168618130679097175487488998805082612676",
                "257053256992759656791742847666193675691",
                "244132099374000443547666702509300159768",
                "31375969149732438609322652487828466167",
                "44873374323019326336982078405001050449",
                "114138140723343393433035491474634165369",
                "23082016861813058947151327822774095254",
                "308967239904125365961945103152494675144",
                "227675292034094446003216056566700084323",
                "220286351252232516281493729002490116721",
                "217234754033634237003552242652390877581",
                "109760038750350817143792751821466089892",
                "295407536924397632196673753409328116023",
                "228051851339683722809305412065117898674",
                "308730031140425239765947448248414622977",
                "246968027949005556914415780564038289749",
                "296503348982262503707375084473248799052",
                "282252155678078993098140495413193568535",
                "68460045410011096045969399512702540738",
                "317019395323972395554783984558286523090",
                "37479776102755410563788087056567371074",
                "175784360440870747158566697339778243306",
                "172095803706897062121514600646053043276",
                "31549104532044918314625825944209711736",
                "294359791652996728909039812981901845124",
                "282969845068269812628089583044728116931",
                "258694831439777861426791892591122940840",
                "203536563993011916490702185429858434718",
                "24073279700481631868398847479259856656",
                "58742753115478329581632494208145514915",
                "340263339847363552894914272003526871911",
                "245298402067330600975784376478185092131",
                "175371348084086555765771930078985543015",
                "205795789955740096482638626211305602670",
                "316941333985640756683483868744687118512",
                "192579263994406965005171305047732993932",
                "303268707351446405650043909956348071051",
                "250616904384506900483071003779364389313",
                "41608842365932223245597927901603918572",
                "201852284568133914910227845503858422981",
                "131137358962252216733174986579645592529",
                "148408378120403051787345157103782078626",
                "42861754456477393570358219732213027911",
                "313319317403965280681606233236259805559",
                "148125766157798230576646270529186746697",
                "118182429750893834056005815395214159309",
                "165435521818185160482176695642924267762",
                "20848950988210126211258341735165239398",
                "186967395851973750512376237371630099265",
                "2100240553790073027983183875632815816",
                "94689611042767137106019586586957190428",
                "313533580369414163668503212648576297151",
                "178249859741969799176040262464192087792",
                "194062244923396086516974122010465819537",
                "17220389345554546867886316036904372312",
                "55364458400802032605125552813046819274",
                "270901686550785045667887720148360045760",
                "234810311156630130145359495211673420426",
                "54636643295782312575205087132080828016",
                "162136457625484191309414490101456737036",
                "19154808868759158709538166832441640028",
                "169561987481342862568023467199818917274",
                "262340676552882396808780221747176244289",
                "25881981587087205534163815370403645412",
                "48220963583463270504224430892670210447",
                "264425142174982012229227408252417659542",
                "271683715246420809068262789279732926059",
                "300883872089050671479649920941773393456",
                "275732191754411884295033051013969036802",
                "290898792987293166284938776282661523610",
                "69183823234019597768523776499385809544",
                "244816572546749414317786186533888233942",
                "222586068336852920962938785449947072707"
            ]
        },
        "deprecated": false,
        "id": "CVE-2021-32139-49507d11",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/box_funcs.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "38811826838820224488015634239327678321",
                "263613655721477377610540246185571983269",
                "302269737319911021101065730842824275454",
                "167952357205358234796591051514868791684",
                "69239800199507256686067185848353177220",
                "231617734589275814423619520159454821002",
                "111541327350802540725435329213317145302",
                "109866006735512793479221135001397696538",
                "55485089266698408167068835278507305258",
                "164384379285679161155987494812096654528",
                "296927275633329689543179743811297018020",
                "63469577542039336294027575919960521305",
                "263174592481182145474754368004770463108",
                "1473117532013400888084092736948736155",
                "206820618185766992297318959715442950880"
            ]
        },
        "deprecated": false,
        "id": "CVE-2021-32139-50039832",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/isomedia/box_code_3gpp.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "12055172403992548730795136303354161660",
                "308095729992416141003569703757282138897",
                "98611018454690950159235941658981408195",
                "267997682663762260374231981539009650643",
                "308781871567122149659040653472175983838",
                "83589916458171227010361836279844736216",
                "88517728134222866971719757909439514182",
                "268651379344161174606453056379209462408",
                "312190664333600473880856078858358819169",
                "221570157451691373763647823878697318981",
                "56633319245266878862185750046832313480",
                "60868136641449603796186084927289976381",
                "195359538506858381161477763924039383583",
                "147424277785275130902791201115832686513"
            ]
        },
        "deprecated": false,
        "id": "CVE-2021-32139-6d5be07d",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "gf_isom_box_parse_ex",
            "file": "src/isomedia/box_funcs.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "function_hash": "152433529439738543331564381871644881425",
            "length": 6409.0
        },
        "deprecated": false,
        "id": "CVE-2021-32139-94f0b043",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "text_box_read",
            "file": "src/isomedia/box_code_3gpp.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "function_hash": "132855409650819043526539791724461030622",
            "length": 2120.0
        },
        "deprecated": false,
        "id": "CVE-2021-32139-95af0530",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "gf_isom_write_tx3g",
            "file": "src/isomedia/tx3g.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "function_hash": "9070089677767129232421059759517367989",
            "length": 2025.0
        },
        "deprecated": false,
        "id": "CVE-2021-32139-9c6f0ca6",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "text_box_size",
            "file": "src/isomedia/box_code_3gpp.c"
        },
        "source": "https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e",
        "digest": {
            "function_hash": "32361000984150640446780565440379925143",
            "length": 182.0
        },
        "deprecated": false,
        "id": "CVE-2021-32139-fe9a1645",
        "signature_version": "v1"
    }
]