CVE-2021-21843

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description The issue is related to the MPEG-4 decoding functionality, where a specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. This occurs when the library multiplies the count by the size of the GF SubsegmentRangeInfo structure, potentially leading to an integer overflow on 32-bit platforms. An attacker can exploit this by convincing a user to open a malicious video. The vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the MPEG-4 decoding functionality until a patch is available. Restrict access to videos from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid using the library for decoding MPEG-4 content until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.