CVE-2021-21841

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description An integer overflow vulnerability exists within the MPEG-4 decoding functionality. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. This can be triggered when reading an atom using the 'sbgp' FOURCC code. An attacker can convince a user to open a video to exploit this issue, potentially allowing remote access to confidential data, disruption of data integrity, and denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the MPEG-4 decoding functionality until a patch is available. Restrict access to videos that could potentially exploit this vulnerability to minimize the risk of memory corruption and data integrity disruption. Avoid using the 'sbgp' FOURCC code in MPEG-4 inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.