CVE-2021-21859

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality. The stri box read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability, potentially allowing remote access to confidential data, disruption of data integrity, and denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the stri box read function until a patch is available to prevent exploitation. Restrict access to videos that could trigger this vulnerability to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.