{"id":"CVE-2021-32139","details":"The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.","modified":"2026-04-11T17:12:32.642905Z","published":"2021-09-13T20:15:08.453Z","references":[{"type":"FIX","url":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e"},{"type":"FIX","url":"https://github.com/gpac/gpac/issues/1768"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"d8538e8ae946b32d99c6b2c57cbb327146e9cd9d"},{"fixed":"d527325a9b72218612455a534a508f9e1753f76e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"237968198025287730497278046080546756612","length":1910},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"function":"gf_isom_get_text_description","file":"src/isomedia/tx3g.c"},"signature_type":"Function","id":"CVE-2021-32139-16f79513","deprecated":false},{"digest":{"line_hashes":["314785598400476081907897238159561446937","39297982965263165565234316539076606797","34322946281552202088595959474532645289","285107619871607307888591408733038828255","257111622780443167208806087646289525885","85185535301096179344231771274441173797","279677124283244174790275238594249504435","206864044985832265162432951056494300870","168618130679097175487488998805082612676","257053256992759656791742847666193675691","244132099374000443547666702509300159768","31375969149732438609322652487828466167","44873374323019326336982078405001050449","114138140723343393433035491474634165369","23082016861813058947151327822774095254","308967239904125365961945103152494675144","227675292034094446003216056566700084323","220286351252232516281493729002490116721","217234754033634237003552242652390877581","109760038750350817143792751821466089892","295407536924397632196673753409328116023","228051851339683722809305412065117898674","308730031140425239765947448248414622977","246968027949005556914415780564038289749","296503348982262503707375084473248799052","282252155678078993098140495413193568535","68460045410011096045969399512702540738","317019395323972395554783984558286523090","37479776102755410563788087056567371074","175784360440870747158566697339778243306","172095803706897062121514600646053043276","31549104532044918314625825944209711736","294359791652996728909039812981901845124","282969845068269812628089583044728116931","258694831439777861426791892591122940840","203536563993011916490702185429858434718","24073279700481631868398847479259856656","58742753115478329581632494208145514915","340263339847363552894914272003526871911","245298402067330600975784376478185092131","175371348084086555765771930078985543015","205795789955740096482638626211305602670","316941333985640756683483868744687118512","192579263994406965005171305047732993932","303268707351446405650043909956348071051","250616904384506900483071003779364389313","41608842365932223245597927901603918572","201852284568133914910227845503858422981","131137358962252216733174986579645592529","148408378120403051787345157103782078626","42861754456477393570358219732213027911","313319317403965280681606233236259805559","148125766157798230576646270529186746697","118182429750893834056005815395214159309","165435521818185160482176695642924267762","20848950988210126211258341735165239398","186967395851973750512376237371630099265","2100240553790073027983183875632815816","94689611042767137106019586586957190428","313533580369414163668503212648576297151","178249859741969799176040262464192087792","194062244923396086516974122010465819537","17220389345554546867886316036904372312","55364458400802032605125552813046819274","270901686550785045667887720148360045760","234810311156630130145359495211673420426","54636643295782312575205087132080828016","162136457625484191309414490101456737036","19154808868759158709538166832441640028","169561987481342862568023467199818917274","262340676552882396808780221747176244289","25881981587087205534163815370403645412","48220963583463270504224430892670210447","264425142174982012229227408252417659542","271683715246420809068262789279732926059","300883872089050671479649920941773393456","275732191754411884295033051013969036802","290898792987293166284938776282661523610","69183823234019597768523776499385809544","244816572546749414317786186533888233942","222586068336852920962938785449947072707"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"file":"src/isomedia/tx3g.c"},"signature_type":"Line","id":"CVE-2021-32139-49507d11","deprecated":false},{"digest":{"line_hashes":["38811826838820224488015634239327678321","263613655721477377610540246185571983269","302269737319911021101065730842824275454","167952357205358234796591051514868791684","69239800199507256686067185848353177220","231617734589275814423619520159454821002","111541327350802540725435329213317145302","109866006735512793479221135001397696538","55485089266698408167068835278507305258","164384379285679161155987494812096654528","296927275633329689543179743811297018020","63469577542039336294027575919960521305","263174592481182145474754368004770463108","1473117532013400888084092736948736155","206820618185766992297318959715442950880"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"file":"src/isomedia/box_funcs.c"},"signature_type":"Line","id":"CVE-2021-32139-50039832","deprecated":false},{"digest":{"line_hashes":["12055172403992548730795136303354161660","308095729992416141003569703757282138897","98611018454690950159235941658981408195","267997682663762260374231981539009650643","308781871567122149659040653472175983838","83589916458171227010361836279844736216","88517728134222866971719757909439514182","268651379344161174606453056379209462408","312190664333600473880856078858358819169","221570157451691373763647823878697318981","56633319245266878862185750046832313480","60868136641449603796186084927289976381","195359538506858381161477763924039383583","147424277785275130902791201115832686513"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"file":"src/isomedia/box_code_3gpp.c"},"signature_type":"Line","id":"CVE-2021-32139-6d5be07d","deprecated":false},{"digest":{"function_hash":"152433529439738543331564381871644881425","length":6409},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"function":"gf_isom_box_parse_ex","file":"src/isomedia/box_funcs.c"},"signature_type":"Function","id":"CVE-2021-32139-94f0b043","deprecated":false},{"digest":{"function_hash":"132855409650819043526539791724461030622","length":2120},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"function":"text_box_read","file":"src/isomedia/box_code_3gpp.c"},"signature_type":"Function","id":"CVE-2021-32139-95af0530","deprecated":false},{"digest":{"function_hash":"9070089677767129232421059759517367989","length":2025},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"function":"gf_isom_write_tx3g","file":"src/isomedia/tx3g.c"},"signature_type":"Function","id":"CVE-2021-32139-9c6f0ca6","deprecated":false},{"digest":{"function_hash":"32361000984150640446780565440379925143","length":182},"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e","target":{"function":"text_box_size","file":"src/isomedia/box_code_3gpp.c"},"signature_type":"Function","id":"CVE-2021-32139-fe9a1645","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32139.json","vanir_signatures_modified":"2026-04-11T17:12:32Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}