CVE-2021-31258
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-31258
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31258.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31258
- Downstream
- Published
- 2021-04-19T19:15:18Z
- Modified
- 2025-10-21T06:22:05.211514Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The gfisomsetextractionslc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- References
Affected packages
Git / github.com/gpac/gpac
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gpac/gpac
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v1.0.1
Database specific
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2021-31258-3ba70ab4",
"source": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e",
"signature_version": "v1",
"target": {
"file": "src/isomedia/isom_read.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"270617900074585397401484796233809869972",
"266556905381068162363874736581927080072",
"128247643108269553959618366844869920155",
"151002184077632499010279979493437122930"
]
}
},
{
"deprecated": false,
"id": "CVE-2021-31258-802802f4",
"source": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e",
"signature_version": "v1",
"target": {
"file": "src/media_tools/isom_hinter.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"259652571069950963945971642835717277815",
"215728378582260301418390893771053441032",
"309570343603242213718214264290582359552",
"158326549550549045648789173518921490312"
]
}
},
{
"deprecated": false,
"id": "CVE-2021-31258-98bde890",
"source": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e",
"signature_version": "v1",
"target": {
"function": "gf_isom_guess_specification",
"file": "src/isomedia/isom_read.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "201795973519872899739681987433964370864",
"length": 3648.0
}
},
{
"deprecated": false,
"id": "CVE-2021-31258-b0a46259",
"source": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e",
"signature_version": "v1",
"target": {
"function": "gf_isom_set_extraction_slc",
"file": "src/isomedia/isom_write.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "212030541430037658386937552276659384204",
"length": 1038.0
}
},
{
"deprecated": false,
"id": "CVE-2021-31258-b987cc06",
"source": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e",
"signature_version": "v1",
"target": {
"function": "gf_hinter_track_new",
"file": "src/media_tools/isom_hinter.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "191501682910234544732100356540988623355",
"length": 10398.0
}
},
{
"deprecated": false,
"id": "CVE-2021-31258-fb702916",
"source": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e",
"signature_version": "v1",
"target": {
"file": "src/isomedia/isom_write.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"227718408228789048064985627527740910474",
"54977739924720519365670947084475811541",
"168597170443951711395261426255018734116",
"198785111809026613350662461408220335886",
"173339589024345270044873056453061851953",
"230281504719185982157164309706284803369",
"80623951809101107209873934467657455551",
"132786278438985534124625906195400243593",
"35380870174249906734613327619622366753",
"9083488159551905715355050900648687795",
"164644400157436864246531908615106085215",
"293507950621516326366231203972902870083",
"65466738529165524984898644288541299129",
"277399048657994215131697616686824185357",
"106105212666821748091817423852243024922",
"254564669850670643240633422548249399006"
]
}
}
]