The gfhinterfinalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
[
{
"digest": {
"function_hash": "194204691264019566768488394689342251782",
"length": 4800.0
},
"target": {
"function": "gf_hinter_finalize",
"file": "src/media_tools/isom_hinter.c"
},
"id": "CVE-2021-32437-a7edfa50",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"103586568485483611519689273742001225406",
"60929300478513982591588198347846724010",
"283511247629345158603883919141433398839",
"131230762748847286345724969974075404722"
]
},
"target": {
"file": "src/media_tools/isom_hinter.c"
},
"id": "CVE-2021-32437-d5152505",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32437.json"
"2026-07-09T00:05:40Z"