CVE-2021-21851

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description The issue is related to the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library. A specially crafted MPEG-4 input at "csgp" decoder sample group description indices can cause an integer overflow due to unchecked arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. This can be triggered when a user opens a video. An attacker can exploit this to gain access to confidential data, disrupt its integrity, and cause a denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the csgp decoder sample group description indices functionality until a patch is available to prevent exploitation. Restrict access to the MPEG-4 decoding functionality to minimize the risk of exploitation. Avoid using the csgp decoder with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.