{"id":"CVE-2021-40564","details":"A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.","modified":"2025-11-20T11:53:38.160871Z","published":"2022-01-12T22:15:07.847Z","references":[{"type":"FIX","url":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618"},{"type":"ADVISORY","url":"https://github.com/gpac/gpac/issues/1898"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5411"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"cf6771c857eb9a290e2c19ddacfdd3ed98b27618"}]}],"versions":["v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.8.0","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"line_hashes":["33139317742673087143301621788696875760","40067023463941325579072277044494246212","6858436001336251329503023834040476408","215858056015409008606797735826477519635","280664615792475706385971753107292148226","285671375156926123525445493399398643339","223018829820854772209840817076401493095","218324005861058336068488887534003891768","277825195111491555614094537885684252686","256195421321412857773894656983395858737"],"threshold":0.9},"id":"CVE-2021-40564-021e478c","signature_type":"Line","source":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618","target":{"file":"src/media_tools/av_parsers.c"},"deprecated":false},{"signature_version":"v1","digest":{"function_hash":"242501853663965271778312182443974469698","length":733},"id":"CVE-2021-40564-27059077","signature_type":"Function","source":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618","target":{"file":"src/media_tools/av_parsers.c","function":"gf_bs_read_ue_log_idx3"},"deprecated":false},{"signature_version":"v1","digest":{"function_hash":"116652901503841662658803101052099390509","length":4231},"id":"CVE-2021-40564-a254b421","signature_type":"Function","source":"https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618","target":{"file":"src/media_tools/av_parsers.c","function":"avc_parse_slice"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40564.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}