CVE-2021-32439

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32439
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32439.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32439
Downstream
Published
2021-08-11T20:15:09.013Z
Modified
2025-11-20T11:46:12.465523Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
77ed81c069e10b3861d88f72e1c6be1277ee7eae

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.0-preview

v1.*

v1.0.0
v1.0.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "length": 4611.0,
            "function_hash": "123794458640815118984718360529152940870"
        },
        "target": {
            "file": "src/isomedia/stbl_write.c",
            "function": "stbl_AddDTS"
        },
        "id": "CVE-2021-32439-422d88f4",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 890.0,
            "function_hash": "298552675273220711489201182186893089691"
        },
        "target": {
            "file": "src/isomedia/stbl_write.c",
            "function": "stbl_AppendTime"
        },
        "id": "CVE-2021-32439-52149c99",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 5997.0,
            "function_hash": "208874144080674718611489691211578145465"
        },
        "target": {
            "file": "src/isomedia/stbl_write.c",
            "function": "stbl_AddChunkOffset"
        },
        "id": "CVE-2021-32439-ca15ad67",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "166032912111875988929111981253907140904",
                "199122787194570012143318277076288619407",
                "281021056689584557327295362094573507565",
                "53352376418204477949430871009770090266",
                "148272570280179112419587663550882091612",
                "107001366160591794051231189052152425643",
                "262983910483190538087105688543468339051",
                "221870232528846659171467315710844747007",
                "66452012152357215441610872563401647717",
                "189469142762455242945752665692937941321",
                "20969167432025761750052434577878098463",
                "326768849421052081946010889979675846500",
                "186187910658105780610238545354326630102",
                "241999622308505854327130699594908446948",
                "69709599531014784809475330050788388979",
                "313035295334709603400179931620040632829",
                "66522578182440368455069990063226487586",
                "243349614427246454365577756505264575093",
                "103906317357822212696177095834791618162",
                "23269792944555009451495171470781764725",
                "34549760658485307215155868156018915820",
                "22621639889775245589099762646904401578",
                "106016281376119068975105588382781037963",
                "83244715432652192432763247922901399433",
                "117658136471332608554430193744234701046",
                "331563094779233042400212101583936433335",
                "53928105674969922879612421081835468181",
                "176418657516172909430937439151601757570",
                "118771672627793734236234668767634455961",
                "124963007736476774773005051543951308049",
                "192913639526626040227511307007397430187",
                "153761019933080817370938994484900652188",
                "328654064858404860723364765399435738554",
                "295490608616258576634910939301364024983",
                "198240390473654453520714687522368572443",
                "25244826336076158455862281617071243944",
                "34607743003222779741096987814062539274",
                "29781777762256699328168926968144328388",
                "13895221251766257263218787802974902618",
                "292525977930467617667243025856230830930",
                "34404303811641469098570222033856975058",
                "238539356253934822329271079252522779323",
                "197077758746301572890088977985090438554",
                "224371703174224738420877364708066002442",
                "320953245330654945238210980941665682894",
                "16722020918582208542012712460673447849",
                "386909778622937151814380298847070996",
                "9953531278855481786700130018987559733",
                "326383341403882407403002136909727175044",
                "260843665783950633996799072042453939937",
                "332313255520907218322566657968614443935",
                "71943737513057830998868343053832660801",
                "61200905405841603777681970471390245183",
                "140571107094482785638665118602286186643",
                "210036229630993000779415848208659109859",
                "13262706665064948463611545971829285075",
                "115034499580032040253632617169118088588",
                "35612582711940417108900597683897312665",
                "232434715796460353468571135541327705757",
                "130004253646099210813399763815522987671",
                "67214259141151108360005777790624399237",
                "302741018222857096591823089781921678145",
                "178240913664505972126323173811251566638",
                "51299059973009348823168589074619628959",
                "323812620509592720682342725480742176401",
                "18254055941462135636337144221501412902",
                "121944839467340934961162810694119678396",
                "71258288849521752817939300492040751142",
                "183810356183343933866434186991876316108",
                "73962130732300981423133204048947609871",
                "181826696785888750824213388470332539715",
                "65959055039130497060180347537844447355",
                "164961384965896015559583624756107671297",
                "284946706611195533496152468122195412199",
                "335314214661801466520531372047434334275",
                "335723873497079359719174544288690299397",
                "125852362008446993442079942284616937023",
                "207175154484293899842623726291875881993",
                "76032301666325201621637288445790861587",
                "17557715981476458250923665545095586930",
                "202098583067724485995460159256877256529",
                "156462342618099260035644455706168415307",
                "56010455181458812948311694229202139223",
                "52331985876254096286986645529982096612",
                "241954005931822327084267358185573151825",
                "107123997340144723776228999672151092761",
                "154465589642508326940562320810625079605",
                "206274183436864522421351125916402762140",
                "151860666159400132328730096320696536510",
                "266869572244302573175449681229576940226",
                "180921689420534284221065425967514844517",
                "292927474122597004640652970567137026877",
                "230698931213156920899415570383679323905",
                "52594038170714246242809429888948635725",
                "154976079662723526668458786165404591440",
                "131646133548788297170388266191927297514",
                "98178221393955635548984922215084413709",
                "249380121498058947288356420856136951106"
            ]
        },
        "target": {
            "file": "src/isomedia/stbl_write.c"
        },
        "id": "CVE-2021-32439-d9f5e181",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 2268.0,
            "function_hash": "103468472459548747226302019083898002716"
        },
        "target": {
            "file": "src/isomedia/stbl_write.c",
            "function": "stbl_AddSize"
        },
        "id": "CVE-2021-32439-eb0922b7",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 1775.0,
            "function_hash": "141500238809855740879086345170714157593"
        },
        "target": {
            "file": "src/isomedia/stbl_write.c",
            "function": "stbl_AppendSize"
        },
        "id": "CVE-2021-32439-ed678e86",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae",
        "signature_type": "Function"
    }
]