CVE-2021-21855

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description The issue is related to the absence of checks on the result of arithmetic operations in the sdp decoder functionality of the GPAC multimedia platform, specifically in the MPEG-4 decoding functionality. This can lead to an integer overflow due to unchecked addition arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. An attacker can exploit this by convincing a user to open a specially crafted MPEG-4 video, potentially allowing them to access confidential data, disrupt its integrity, and cause a denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the MPEG-4 decoding functionality until a patch is available to prevent exploitation. Restrict access to videos that could potentially trigger this vulnerability to minimize the risk of memory corruption and data integrity disruption. Avoid using the affected library for decoding MPEG-4 content until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.