PT-2021-6531 · Gpac+1 · Gpac+1
Jshuang · Published 2021-08-11 · Updated 2021-08-16
CVE-2021-32439
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
GPAC version 1.0.1
Description
The issue is a buffer overflow in the stbl_AppendSize function of the MP4Box command in the GPAC multimedia platform. It occurs because input is not validated when a buffer is copied. By supplying a specially crafted file, a remote attacker can access confidential data, compromise data integrity, and cause a denial of service. The attacker can also execute arbitrary code.
Recommendations
For GPAC version 1.0.1, consider disabling the stbl_AppendSize function as a temporary workaround until a patch is available. Restrict access to the MP4Box command to minimize the risk of exploitation. Avoid processing crafted files that could trigger the buffer overflow in the stbl_AppendSize function until the issue is resolved.
Exploit
Fix
DoS
Buffer Overflow
Affected Products
Debian
Gpac