{"id":"CVE-2021-33364","details":"Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.","modified":"2026-04-11T17:25:57.792494Z","published":"2021-09-13T19:15:13.987Z","references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5411"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7"},{"type":"FIX","url":"https://github.com/gpac/gpac/issues/1783"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"d8538e8ae946b32d99c6b2c57cbb327146e9cd9d"},{"fixed":"fe5155cf047252d1c4cb91602048bfa682af0ea7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.1"}]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T17:25:57Z","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7","target":{"file":"src/isomedia/isom_intern.c","function":"gf_isom_parse_movie_boxes_internal"},"deprecated":false,"id":"CVE-2021-33364-77dab79e","digest":{"length":13301,"function_hash":"223423912552931114097759049568591891683"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7","target":{"file":"src/isomedia/isom_intern.c"},"deprecated":false,"id":"CVE-2021-33364-9ed6b284","digest":{"threshold":0.9,"line_hashes":["192002788294647570961132210103316462265","48465482772313338867877031409000081430","300710342515645620793960887718186287929","144339146887705604177811712246793411966"]},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33364.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}