CVE-2021-21834

Name of the Vulnerable Software and Affected Versions GPAC versions 1.0.1

Description The issue is related to the co64 decoder functionality in the GPAC multimedia platform, specifically in the MPEG-4 decoding. It involves incorrect checking of the result of an arithmetic operation, which can lead to memory corruption. An attacker can exploit this by providing a specially crafted MPEG-4 input, potentially allowing them to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability can be triggered when a user opens a maliciously crafted video.

Recommendations For GPAC version 1.0.1, consider disabling the co64 decoder functionality until a patch is available to prevent potential exploitation. Restrict access to the MPEG-4 decoding functionality to minimize the risk of memory corruption and data compromise. Avoid using the GPAC library to decode MPEG-4 inputs from untrusted sources until the issue is resolved.