{"id":"CVE-2021-30020","details":"In the gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop in which, with a crafted file, pps-\u003enum_tile_columns may be larger than sizeof(pps-\u003ecolumn_width), which results in a heap overflow in the loop.","modified":"2026-04-11T17:12:20.338165Z","published":"2021-04-19T20:15:14.550Z","references":[{"type":"FIX","url":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1722"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"d8538e8ae946b32d99c6b2c57cbb327146e9cd9d"},{"fixed":"51cdb67ff7c5f1242ac58c5aa603ceaf1793b788"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30020.json","vanir_signatures":[{"target":{"file":"src/media_tools/av_parsers.c","function":"vvc_parse_picture_header"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":1301,"function_hash":"163682271653598571398554124560390735302"},"id":"CVE-2021-30020-04fc7c2a"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_avc_read_pps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":2855,"function_hash":"262018588545630064517022468555047045939"},"id":"CVE-2021-30020-195ae17c"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_hevc_read_vps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commi
t/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":3723,"function_hash":"44656495786871552651365210289763165329"},"id":"CVE-2021-30020-7b3edf52"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_media_vvc_read_vps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":2726,"function_hash":"165998876284320094119114259215226018602"},"id":"CVE-2021-30020-8e506a3b"},{"target":{"file":"src/media_tools/av_parsers.c"},"deprecated":false,"signature_type":"Line","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"line_hashes":["110208707470286150858067506138220569914","98782010423946267747011922827153417949","21048521306307308988835571795573800463","90850271639771947401603333673775963037","151720949686606049977143975933246580151","208192762215337895309315396396947942047","23283913592750440660978494639428481778","33114920833879111287327120189042263466","81283433268427409809699114083916395988","159329886304506009945508498931004254301","281304626694050811786273510621162724281","73448052576143428051555378970401270444","144429241417480294700446129745350659288","43491494147523441384000519212282865383","317399275748496376415397896151801280848","195319028489182833347951731709967882395","48050224642598119434378811068251041403","203107807955899760284732971335024815380","93824764322289517383203463346843918085","54217064946941302759850736769931312316","80583126934777089547268797468297115956","64794169654927005043077505539934210159","114318332599764595860639298556021771126","148024202565163252766606874700350657106","18515985248865627157304542229858287742","12166237559877507337942589067084813528","105270757608562872686188817295377786323","338195947069492420160611405000529923350","127654823715241084307389805266475517956","1011865523
86524883860187795223667842672","223465952026224582676542762537670212283","203540992032355141772153364576135971711","214360690900325846606520250376896444429","259670122912227799175485424113461203726","321943852989973112810590236318310517525","204907126678229134915835020026623712613","313113376530608194561271852826466110683","146973731155644942025370702107869561831","246446851352120211201284521048193498590","250750593002460850218944197231734101028","144201768402259241048118430592809326720","12166237559877507337942589067084813528","184492964976714753865907557303009113773","62878141402021660365877425525254909288","102166488318837135157873782414529471886","198061268879069676248147331095428087094","270281051404575733995644680194709978353","177823716785154309296474024891216842564","127631328506792762329274827970250372254","42643749651483997976553489954664021359","213869759856646663972802324242251711190"],"threshold":0.9},"id":"CVE-2021-30020-a51dd4fd"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_media_vvc_read_sps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":7430,"function_hash":"300032223680305035702511662606225527632"},"id":"CVE-2021-30020-acc647e0"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_hevc_read_pps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":4355,"function_hash":"188403236660457392032281753261818334969"},"id":"CVE-2021-30020-ba951911"},{"target":{"file":"src/media_tools/av_parsers.c","function":"hevc_parse_slice_segment"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":7013,"function_hash":"207620648659
157606688788547573816389847"},"id":"CVE-2021-30020-c7ba5247"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_hevc_read_sps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":11427,"function_hash":"117620913892238943546586071292385488845"},"id":"CVE-2021-30020-da9a5f5a"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_media_vvc_read_pps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":2433,"function_hash":"283548452786719425935693667113475098260"},"id":"CVE-2021-30020-ebeedf77"},{"target":{"file":"src/media_tools/av_parsers.c","function":"gf_avc_read_sps_bs_internal"},"deprecated":false,"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788","signature_version":"v1","digest":{"length":10205,"function_hash":"289209646864911431292425219113205501231"},"id":"CVE-2021-30020-fcccf6a4"}],"vanir_signatures_modified":"2026-04-11T17:12:20Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}