PT-2021-6599 · Unknown · Gpac Project On Advanced Content Library

Published: 2021-08-18 · Updated: 2023-05-27 · CVE-2021-21852

CVSS v2.0: 9.3 (High), Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GPAC Project on Advanced Content library version 1.0.1
Description: The issue lies in the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library. A specially crafted MPEG-4 input handled by the "stss" decoder can cause an integer overflow due to unchecked arithmetic, resulting in a heap-based buffer overflow that corrupts memory. It is triggered when a user opens a video. An attacker can exploit this to gain access to confidential data, compromise data integrity, and cause a denial of service.
Recommendations: For GPAC Project on Advanced Content library version 1.0.1, consider disabling the stss decoder functionality until a patch is available to prevent exploitation. Restrict access to the MPEG-4 decoding functionality to minimize the risk of exploitation. Avoid using the library to open videos from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
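As an added illustration (not GPAC's code and not the project's fix), the pattern the description names, a 32-bit size computation that wraps before allocation, beside an overflow-safe parse of a simplified stss payload (ISO BMFF layout: version/flags, entry_count, then one 32-bit sample number per entry); the helper names and the two sample boxes are constructed for this example:

```c
#include <stdint.h>
#include <stdlib.h>

/* Read a big-endian 32-bit value (ISO BMFF fields are big-endian). */
static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  | (uint32_t)p[3];
}

/* The unsafe pattern: table size computed in 32-bit arithmetic wraps for
   entry_count >= 2^30, so a huge declared count yields a tiny allocation
   that a copy loop over entry_count entries would then overrun. */
uint32_t unchecked_table_bytes(uint32_t entry_count) {
    return entry_count * (uint32_t)sizeof(uint32_t);
}

/* Hardened parse of a simplified stss payload (hypothetical helper):
   [version/flags:4][entry_count:4][sample_number:4] * entry_count.
   Returns 0 and fills *out/*count on success, -1 if the box is rejected. */
int parse_stss_payload(const uint8_t *buf, size_t len,
                       uint32_t **out, uint32_t *count) {
    if (len < 8) return -1;
    uint32_t n = rd_be32(buf + 4);
    uint64_t bytes = (uint64_t)n * sizeof(uint32_t);   /* widened: cannot wrap */
    if (bytes > len - 8) return -1;  /* more entries declared than bytes present */
    uint32_t *tab = n ? malloc((size_t)bytes) : NULL;
    if (n && !tab) return -1;
    for (uint32_t i = 0; i < n; i++)
        tab[i] = rd_be32(buf + 8 + (size_t)i * 4);
    *out = tab; *count = n;
    return 0;
}

/* Constructed payload: entry_count 0x40000001 with no entries behind it. */
int demo_reject_oversized(void) {
    static const uint8_t box[8] = {0,0,0,0, 0x40,0x00,0x00,0x01};
    uint32_t *tab = NULL, n = 0;
    return parse_stss_payload(box, sizeof box, &tab, &n);   /* returns -1 */
}

/* Constructed payload: two sync samples, 1 and 7; returns their sum (8). */
int demo_parse_valid(void) {
    static const uint8_t box[16] = {0,0,0,0, 0,0,0,2, 0,0,0,1, 0,0,0,7};
    uint32_t *tab = NULL, n = 0;
    if (parse_stss_payload(box, sizeof box, &tab, &n) != 0 || n != 2) return -1;
    int sum = (int)(tab[0] + tab[1]);
    free(tab);
    return sum;
}
```

With the same oversized count, unchecked_table_bytes() returns 4, which is the undersized allocation the description refers to; the bounded parser rejects the box instead.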

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers: BDU:2022-01865, CVE-2021-21852, DSA-5411-1

Affected Products: Debian, Gpac Project On Advanced Content Library