{"id":"CVE-2021-31256","details":"Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.","modified":"2026-03-10T23:35:30.910136Z","published":"2021-04-19T19:15:18.203Z","references":[{"type":"WEB"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1705"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"d8538e8ae946b32d99c6b2c57cbb327146e9cd9d"},{"fixed":"2da2f68bffd51d89b1d272d22aa8cc023c1c066e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.8.0","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/isomedia/stbl_read.c"},"digest":{"threshold":0.9,"line_hashes":["271379964838622770638191838537824836551","74850478146093276797840713117210784655","21002431492837768195116458944965376348","10439252769331870000504154050764030868","270499913990714120200417959583955387157","71653203197305157759355907345428642969","192356018987768621237434183887153868824","30849309437551593067950658740262982675"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e","id":"CVE-2021-31256-05ee90d3"},{"target":{"file":"src/isomedia/stbl_read.c","function":"stbl_GetSampleInfos"},"digest":{"length":4707,"function_hash":"178363004142591669781357107860031073898"},"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e","id":"CVE-2021-31256-83bd733c"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31256.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}