{"id":"CVE-2021-40564","details":"A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.","modified":"2026-04-11T21:23:22.247439Z","published":"2022-01-12T22:15:07.847Z","references":[{"type":"ADVISORY","url":"https://github.com/gpac/gpac/issues/1898"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5411"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"cf6771c857eb9a290e2c19ddacfdd3ed98b27618"}]},{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"cf6771c857eb9a290e2c19ddacfdd3ed98b27618"}]}],"versions":["v0.5.2","v0.6.0","v0.9.0","v0.9.0-preview","v1.0.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40564.json","vanir_signatures_modified":"2026-04-11T21:23:22Z","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618","signature_type":"Line","digest":{"line_hashes":["33139317742673087143301621788696875760","40067023463941325579072277044494246212","6858436001336251329503023834040476408","215858056015409008606797735826477519635","280664615792475706385971753107292148226","285671375156926123525445493399398643339","223018829820854772209840817076401493095","218324005861058336068488887534003891768","277825195111491555614094537885684252686","256195421321412857773894656983395858737"],"threshold":0.9},"deprecated":false,"id":"CVE-2021-40564-021e478c","target":{"file":"src/media_tools/av_parsers.c"}},{"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618","signature_type":"Function","digest":{"length":733,"function_hash":"242501853663965271778312182443974469698"},"deprecated":false,"id":"CVE-2021-40564-27059077","target":{"function":"gf_bs_read_ue_log_idx3","file":"src/media_tools/av_parsers.c"}},{"signature_version":"v1","source":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618","signature_type":"Function","digest":{"length":4231,"function_hash":"116652901503841662658803101052099390509"},"deprecated":false,"id":"CVE-2021-40564-a254b421","target":{"function":"avc_parse_slice","file":"src/media_tools/av_parsers.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}