CVE-2021-31260

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-31260
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31260.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-31260
Downstream
Published
2021-04-19T19:15:18.437Z
Modified
2025-11-20T11:44:13.034560Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
df8fffd839fe5ae9acd82d26fd48280a397411d9

Affected versions

v0.*
v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v1.0.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31260.json"
vanir_signatures 
[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9",
        "digest": {
            "function_hash": "335491776138243062977214169613928195094",
            "length": 22043.0
        },
        "id": "CVE-2021-31260-8e0aaebf",
        "deprecated": false,
        "target": {
            "file": "src/isomedia/track.c",
            "function": "MergeTrack"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9",
        "digest": {
            "line_hashes": [
                "332524135913515548166291284936394020187",
                "66684748315246422794487471379988225715",
                "234592134305524906353216475174714363829",
                "334297824493727778064126337640881454041",
                "16557750565410202671477080845639013702",
                "273942870660085098662702133124770611172",
                "207848608037353933314262012198414753929",
                "26276709931456932890240036060274974909",
                "144833264415557562291566183312048777532",
                "85215393866482497898822514383938464333",
                "273162639093632930735207659276392843815"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2021-31260-f75fbcb0",
        "deprecated": false,
        "target": {
            "file": "src/isomedia/track.c"
        }
    }
]