{"id":"CVE-2021-31262","details":"The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.","modified":"2026-04-11T17:12:26.140566Z","published":"2021-04-19T19:15:18.577Z","references":[{"type":"FIX","url":"https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1738"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"d8538e8ae946b32d99c6b2c57cbb327146e9cd9d"},{"fixed":"b2eab95e07cb5819375a50358d4806a8813b6e50"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T17:12:26Z","vanir_signatures":[{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"171931667066792198187769673904747214801","length":588},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50","id":"CVE-2021-31262-9465b1e5","target":{"file":"src/isomedia/avc_ext.c","function":"gf_isom_av1_config_get"}},{"signature_type":"Line","deprecated":false,"digest":{"line_hashes":["247291634588424697610810039131654530737","176422099514206979543335388140707586494","269046133183686191219941028400761561449","134675652138491522443615927889994225586","18987815954972589176828380458224583412","37626700537071308498154276675350427352","65518661638453303631968316198865381232","133082178978553006112709492197247875131","101460720550159445199736183118792473044","37268567774305733487798192174292745485","70188106941334248530586398048017413348","130452226677282913404296419475473502135"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50","id":"CVE-2021-31262-9abf0d0f","target":{"file":"src/isomedia/avc_ext.c"}},{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"285958518593166966163525496266564232464","length":886},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50","id":"CVE-2021-31262-f1361b3e","target":{"file":"src/isomedia/avc_ext.c","function":"AV1_RewriteESDescriptorEx"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31262.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}