CVE-2021-32437

The gfhinterfinalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type

GIT

Repo

https://github.com/gpac/gpac

Events

Introduced

Last affected

d8538e8ae946b32d99c6b2c57cbb327146e9cd9d

Fixed

1653f31cf874eb6df964bea88d58d8e9b98b485e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        }
    ]
}

Affected versions

v0.*

v0.5.2

v0.6.0

v0.7.0

v0.7.1

v0.9.0

v0.9.0-preview

v1.*

v1.0.0

v1.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32437.json"

vanir_signatures

[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 4800.0,
            "function_hash": "194204691264019566768488394689342251782"
        },
        "source": "https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e",
        "target": {
            "function": "gf_hinter_finalize",
            "file": "src/media_tools/isom_hinter.c"
        },
        "id": "CVE-2021-32437-a7edfa50"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "103586568485483611519689273742001225406",
                "60929300478513982591588198347846724010",
                "283511247629345158603883919141433398839",
                "131230762748847286345724969974075404722"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e",
        "target": {
            "file": "src/media_tools/isom_hinter.c"
        },
        "id": "CVE-2021-32437-d5152505"
    }
]

vanir_signatures_modified

"2026-04-11T17:12:34Z"