CVE-2021-30014

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-30014
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30014.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-30014
Downstream
Published
2021-04-19T20:15:14.363Z
Modified
2025-11-20T11:43:17.441876Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

There is a integer overflow in mediatools/avparsers.c in the hevcparseslice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
51cdb67ff7c5f1242ac58c5aa603ceaf1793b788

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview

v1.*

v1.0.0
v1.0.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "vvc_parse_picture_header"
        },
        "id": "CVE-2021-30014-04fc7c2a",
        "signature_type": "Function",
        "digest": {
            "function_hash": "163682271653598571398554124560390735302",
            "length": 1301.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_avc_read_pps_bs_internal"
        },
        "id": "CVE-2021-30014-195ae17c",
        "signature_type": "Function",
        "digest": {
            "function_hash": "262018588545630064517022468555047045939",
            "length": 2855.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_hevc_read_vps_bs_internal"
        },
        "id": "CVE-2021-30014-7b3edf52",
        "signature_type": "Function",
        "digest": {
            "function_hash": "44656495786871552651365210289763165329",
            "length": 3723.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_media_vvc_read_vps_bs_internal"
        },
        "id": "CVE-2021-30014-8e506a3b",
        "signature_type": "Function",
        "digest": {
            "function_hash": "165998876284320094119114259215226018602",
            "length": 2726.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c"
        },
        "id": "CVE-2021-30014-a51dd4fd",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "110208707470286150858067506138220569914",
                "98782010423946267747011922827153417949",
                "21048521306307308988835571795573800463",
                "90850271639771947401603333673775963037",
                "151720949686606049977143975933246580151",
                "208192762215337895309315396396947942047",
                "23283913592750440660978494639428481778",
                "33114920833879111287327120189042263466",
                "81283433268427409809699114083916395988",
                "159329886304506009945508498931004254301",
                "281304626694050811786273510621162724281",
                "73448052576143428051555378970401270444",
                "144429241417480294700446129745350659288",
                "43491494147523441384000519212282865383",
                "317399275748496376415397896151801280848",
                "195319028489182833347951731709967882395",
                "48050224642598119434378811068251041403",
                "203107807955899760284732971335024815380",
                "93824764322289517383203463346843918085",
                "54217064946941302759850736769931312316",
                "80583126934777089547268797468297115956",
                "64794169654927005043077505539934210159",
                "114318332599764595860639298556021771126",
                "148024202565163252766606874700350657106",
                "18515985248865627157304542229858287742",
                "12166237559877507337942589067084813528",
                "105270757608562872686188817295377786323",
                "338195947069492420160611405000529923350",
                "127654823715241084307389805266475517956",
                "101186552386524883860187795223667842672",
                "223465952026224582676542762537670212283",
                "203540992032355141772153364576135971711",
                "214360690900325846606520250376896444429",
                "259670122912227799175485424113461203726",
                "321943852989973112810590236318310517525",
                "204907126678229134915835020026623712613",
                "313113376530608194561271852826466110683",
                "146973731155644942025370702107869561831",
                "246446851352120211201284521048193498590",
                "250750593002460850218944197231734101028",
                "144201768402259241048118430592809326720",
                "12166237559877507337942589067084813528",
                "184492964976714753865907557303009113773",
                "62878141402021660365877425525254909288",
                "102166488318837135157873782414529471886",
                "198061268879069676248147331095428087094",
                "270281051404575733995644680194709978353",
                "177823716785154309296474024891216842564",
                "127631328506792762329274827970250372254",
                "42643749651483997976553489954664021359",
                "213869759856646663972802324242251711190"
            ]
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_media_vvc_read_sps_bs_internal"
        },
        "id": "CVE-2021-30014-acc647e0",
        "signature_type": "Function",
        "digest": {
            "function_hash": "300032223680305035702511662606225527632",
            "length": 7430.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_hevc_read_pps_bs_internal"
        },
        "id": "CVE-2021-30014-ba951911",
        "signature_type": "Function",
        "digest": {
            "function_hash": "188403236660457392032281753261818334969",
            "length": 4355.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "hevc_parse_slice_segment"
        },
        "id": "CVE-2021-30014-c7ba5247",
        "signature_type": "Function",
        "digest": {
            "function_hash": "207620648659157606688788547573816389847",
            "length": 7013.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_hevc_read_sps_bs_internal"
        },
        "id": "CVE-2021-30014-da9a5f5a",
        "signature_type": "Function",
        "digest": {
            "function_hash": "117620913892238943546586071292385488845",
            "length": 11427.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_media_vvc_read_pps_bs_internal"
        },
        "id": "CVE-2021-30014-ebeedf77",
        "signature_type": "Function",
        "digest": {
            "function_hash": "283548452786719425935693667113475098260",
            "length": 2433.0
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/av_parsers.c",
            "function": "gf_avc_read_sps_bs_internal"
        },
        "id": "CVE-2021-30014-fcccf6a4",
        "signature_type": "Function",
        "digest": {
            "function_hash": "289209646864911431292425219113205501231",
            "length": 10205.0
        }
    }
]