CVE-2021-33362

Name of the Vulnerable Software and Affected Versions GPAC version 1.0.1

Description The issue is related to a stack buffer overflow in the hevc parse vps extension function in MP4Box, a component of the GPAC multimedia platform. This allows attackers to cause a denial of service or execute arbitrary code via a crafted file. The vulnerability can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a specially crafted file.

Recommendations For GPAC version 1.0.1, consider disabling the hevc parse vps extension function until a patch is available to prevent potential exploitation. Restrict access to crafted files that could trigger the buffer overflow to minimize the risk of denial of service or arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.