CVE-2021-21857

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description The issue is related to the absence of checks on the result of an arithmetic operation in the txtc decoder functionality of the GPAC multimedia platform, specifically in the MPEG-4 decoding functionality. This can be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. An attacker can trigger this issue by convincing a user to open a specially crafted video.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the MPEG-4 decoding functionality until a patch is available to prevent exploitation. Restrict access to videos from untrusted sources to minimize the risk of triggering the vulnerability. As a temporary workaround, avoid using the library for decoding MPEG-4 content until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.