CVE-2021-21861

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability, potentially allowing the attacker to access confidential data, disrupt its integrity, and cause a denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the MPEG-4 decoding functionality until a patch is available to prevent exploitation. Restrict access to videos that could potentially trigger this vulnerability to minimize the risk of memory corruption and data integrity disruption. Avoid using the 'hdlr' FOURCC code in the affected MPEG-4 decoding functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.