CVE-2021-40568

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-40568
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40568.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-40568
Downstream
Published
2022-01-13T18:15:07Z
Modified
2025-10-15T13:17:38.106105Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svcparseslice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f1ae01d745200a258cdf62622f71754c37cb6c30

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview

v1.*

v1.0.0
v1.0.1

Database specific 

{
    "vanir_signatures": [
        {
            "target": {
                "file": "src/media_tools/av_parsers.c"
            },
            "signature_version": "v1",
            "id": "CVE-2021-40568-29ccc687",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "271653455945834763208605817383398407567",
                    "108141525076181077294603074563806756805",
                    "190803646424172019847377105406717169819",
                    "89477344314601249121963044820989003834",
                    "290637595160814789406353695481930629703",
                    "63844348439704388504248188721780055958",
                    "77211956177004889184976754078166324125",
                    "93252862727952819464823552247917341008",
                    "210379992823712861008072287307593731924",
                    "164007027648911898047628708525104472158",
                    "33139317742673087143301621788696875760",
                    "71975751562691156573789078052992987280",
                    "242024803436346367085704818926588916010",
                    "299823168141144608576117028597126088114",
                    "236105253951310564318966436216071134934",
                    "110357499185969270537647273652446008653",
                    "305083598892664072296549753441583846912"
                ]
            },
            "deprecated": false,
            "source": "https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30",
            "signature_type": "Line"
        },
        {
            "target": {
                "file": "src/media_tools/av_parsers.c",
                "function": "svc_parse_slice"
            },
            "signature_version": "v1",
            "id": "CVE-2021-40568-48037a01",
            "digest": {
                "length": 1785.0,
                "function_hash": "59411885416295801732352142629685711594"
            },
            "deprecated": false,
            "source": "https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30",
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "src/media_tools/av_parsers.c",
                "function": "gf_bs_read_ue_log_idx3"
            },
            "signature_version": "v1",
            "id": "CVE-2021-40568-e854a826",
            "digest": {
                "length": 761.0,
                "function_hash": "10749217417946529625503250407587877509"
            },
            "deprecated": false,
            "source": "https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30",
            "signature_type": "Function"
        }
    ]
}