The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the ilocentrydel funciton in boxcodemeta.c, which allows attackers to cause a denial of service.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "149823414927836579098746570423815919335", "93769482340943030318370578903192490969", "275929568091779705345925858195189402111", "102164374874747017241421497500399874110", "61626680959263446267536324574641542840", "60499578334960744554858141572716931794", "84196173534046092320219116099880981472", "222148610140731845636239295737010466568" ] }, "signature_type": "Line", "source": "https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a", "signature_version": "v1", "target": { "file": "src/isomedia/box_code_meta.c" }, "deprecated": false, "id": "CVE-2021-40569-5e9634c5" }, { "digest": { "function_hash": "226280696285822800243854413849102000647", "length": 2217.0 }, "signature_type": "Function", "source": "https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a", "signature_version": "v1", "target": { "file": "src/isomedia/box_code_meta.c", "function": "iloc_box_read" }, "deprecated": false, "id": "CVE-2021-40569-c859ecee" } ] }