Memory leak in the defparentbox_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "signature_version": "v1", "digest": { "length": 13301.0, "function_hash": "223423912552931114097759049568591891683" }, "target": { "function": "gf_isom_parse_movie_boxes_internal", "file": "src/isomedia/isom_intern.c" }, "id": "CVE-2021-33364-77dab79e", "source": "https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7" }, { "deprecated": false, "signature_type": "Line", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "192002788294647570961132210103316462265", "48465482772313338867877031409000081430", "300710342515645620793960887718186287929", "144339146887705604177811712246793411966" ] }, "target": { "file": "src/isomedia/isom_intern.c" }, "id": "CVE-2021-33364-9ed6b284", "source": "https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7" } ] }