The MP4Box binary in GPAC 1.0.1 has a NULL pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.
{ "vanir_signatures": [ { "signature_version": "v1", "deprecated": false, "target": { "file": "src/filters/reframe_mpgvid.c", "function": "mpgviddmx_process" }, "digest": { "length": 11632.0, "function_hash": "238548266912089028535286901083867122245" }, "source": "https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858", "id": "CVE-2021-40575-74545e4b", "signature_type": "Function" }, { "signature_version": "v1", "deprecated": false, "target": { "file": "src/filters/reframe_mpgvid.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "238283239651046288442868624494354388708", "161142280365678938413144336780536763427", "44357155248538026696390231919038228746" ] }, "source": "https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858", "id": "CVE-2021-40575-96ad76d5", "signature_type": "Line" } ] }