CVE-2021-29279

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-29279
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29279.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29279
Downstream
Published
2021-04-19T20:15:14.287Z
Modified
2026-04-11T17:12:18.541642Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

There is a integer overflow in function filtercore/filterprops.c:gfpropsassignvalue in GPAC 1.0.1. In which, the arg const GFPropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gfpropsassign_value failed.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d8538e8ae946b32d99c6b2c57cbb327146e9cd9d
Fixed
da69ad1f970a7e17c865eaec9af98cc84df10d5b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        }
    ]
}

Affected versions

v0.*
v0.5.2
v0.6.0
v0.7.0
v0.7.1
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v1.0.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29279.json"
vanir_signatures_modified 
"2026-04-11T17:12:18Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b",
        "digest": {
            "function_hash": "271809893264534884931660195218224896488",
            "length": 4986.0
        },
        "id": "CVE-2021-29279-688a941d",
        "deprecated": false,
        "target": {
            "file": "src/filters/reframe_flac.c",
            "function": "flac_dmx_process"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "102029437854238077049081131219035328767",
                "1758822345310994078902333647147355295",
                "91375987480369385241196899295650106496",
                "164621250167976074906983121855801251933",
                "173713928589759872021528131545224180852",
                "120156287496062208041479094701390957082",
                "134773658905465572514737648898400473062",
                "67876114723218513615781741177926374455",
                "211218421710624493902262592900065165246",
                "171764359295326514391450423514496630009",
                "231355731579607298891416484118488240950",
                "152456470730324089017527564619705188047",
                "225970606774595338019741053708735811980",
                "59026396062773415428220475118579893939"
            ]
        },
        "id": "CVE-2021-29279-8515935a",
        "deprecated": false,
        "target": {
            "file": "src/filters/reframe_flac.c"
        }
    }
]