{"id":"CVE-2021-40571","details":"The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.","modified":"2026-02-24T11:40:53.799498Z","published":"2022-01-13T18:15:08.113Z","references":[{"type":"ADVISORY","url":"https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340"},{"type":"ADVISORY","url":"https://github.com/gpac/gpac/issues/1895"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5411"},{"type":"REPORT","url":"https://github.com/gpac/gpac/issues/1895"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1895"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"a69b567b8c95c72f9560c873c5ab348be058f340"}]}],"versions":["v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.8.0","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"267599386368034517678407404425567609043","length":2616},"id":"CVE-2021-40571-a79836d7","deprecated":false,"target":{"file":"src/odf/descriptors.c","function":"gf_odf_av1_cfg_read_bs_size"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340"},{"digest":{"threshold":0.9,"line_hashes":["167712747624264993690543912685537572073","46605784320911199798118875246953709599","10592338377528693664937670519065565482","14721782883213438859082900364656024061"]},"id":"CVE-2021-40571-f476bab8","deprecated":false,"target":{"file":"src/odf/descriptors.c"},"signature_version":"v1","signature_type":"Line","source":"https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40571.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}