CVE-2021-30014
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-30014
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30014.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-30014
- Downstream
- Published
- 2021-04-19T20:15:14Z
- Modified
- 2025-10-14T18:21:42.199361Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
There is a integer overflow in mediatools/avparsers.c in the hevcparseslice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.
- References
Affected packages
Git / github.com/gpac/gpac
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gpac/gpac
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v1.0.1
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "vvc_parse_picture_header"
},
"signature_type": "Function",
"digest": {
"function_hash": "163682271653598571398554124560390735302",
"length": 1301.0
},
"id": "CVE-2021-30014-04fc7c2a",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_avc_read_pps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "262018588545630064517022468555047045939",
"length": 2855.0
},
"id": "CVE-2021-30014-195ae17c",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_hevc_read_vps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "44656495786871552651365210289763165329",
"length": 3723.0
},
"id": "CVE-2021-30014-7b3edf52",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_media_vvc_read_vps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "165998876284320094119114259215226018602",
"length": 2726.0
},
"id": "CVE-2021-30014-8e506a3b",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"110208707470286150858067506138220569914",
"98782010423946267747011922827153417949",
"21048521306307308988835571795573800463",
"90850271639771947401603333673775963037",
"151720949686606049977143975933246580151",
"208192762215337895309315396396947942047",
"23283913592750440660978494639428481778",
"33114920833879111287327120189042263466",
"81283433268427409809699114083916395988",
"159329886304506009945508498931004254301",
"281304626694050811786273510621162724281",
"73448052576143428051555378970401270444",
"144429241417480294700446129745350659288",
"43491494147523441384000519212282865383",
"317399275748496376415397896151801280848",
"195319028489182833347951731709967882395",
"48050224642598119434378811068251041403",
"203107807955899760284732971335024815380",
"93824764322289517383203463346843918085",
"54217064946941302759850736769931312316",
"80583126934777089547268797468297115956",
"64794169654927005043077505539934210159",
"114318332599764595860639298556021771126",
"148024202565163252766606874700350657106",
"18515985248865627157304542229858287742",
"12166237559877507337942589067084813528",
"105270757608562872686188817295377786323",
"338195947069492420160611405000529923350",
"127654823715241084307389805266475517956",
"101186552386524883860187795223667842672",
"223465952026224582676542762537670212283",
"203540992032355141772153364576135971711",
"214360690900325846606520250376896444429",
"259670122912227799175485424113461203726",
"321943852989973112810590236318310517525",
"204907126678229134915835020026623712613",
"313113376530608194561271852826466110683",
"146973731155644942025370702107869561831",
"246446851352120211201284521048193498590",
"250750593002460850218944197231734101028",
"144201768402259241048118430592809326720",
"12166237559877507337942589067084813528",
"184492964976714753865907557303009113773",
"62878141402021660365877425525254909288",
"102166488318837135157873782414529471886",
"198061268879069676248147331095428087094",
"270281051404575733995644680194709978353",
"177823716785154309296474024891216842564",
"127631328506792762329274827970250372254",
"42643749651483997976553489954664021359",
"213869759856646663972802324242251711190"
]
},
"id": "CVE-2021-30014-a51dd4fd",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_media_vvc_read_sps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "300032223680305035702511662606225527632",
"length": 7430.0
},
"id": "CVE-2021-30014-acc647e0",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_hevc_read_pps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "188403236660457392032281753261818334969",
"length": 4355.0
},
"id": "CVE-2021-30014-ba951911",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "hevc_parse_slice_segment"
},
"signature_type": "Function",
"digest": {
"function_hash": "207620648659157606688788547573816389847",
"length": 7013.0
},
"id": "CVE-2021-30014-c7ba5247",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_hevc_read_sps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "117620913892238943546586071292385488845",
"length": 11427.0
},
"id": "CVE-2021-30014-da9a5f5a",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_media_vvc_read_pps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "283548452786719425935693667113475098260",
"length": 2433.0
},
"id": "CVE-2021-30014-ebeedf77",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/media_tools/av_parsers.c",
"function": "gf_avc_read_sps_bs_internal"
},
"signature_type": "Function",
"digest": {
"function_hash": "289209646864911431292425219113205501231",
"length": 10205.0
},
"id": "CVE-2021-30014-fcccf6a4",
"source": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"signature_version": "v1"
}
]
}