CVE-2021-21836

Name of the Vulnerable Software and Affected Versions GPAC versions 1.0.1

Description The issue is related to an integer overflow in the MPEG-4 decoding functionality of the GPAC library, specifically with the "ctts" FOURCC code. This overflow is caused by unchecked arithmetic, resulting in a heap-based buffer overflow that leads to memory corruption. An attacker can exploit this issue by convincing a user to open a specially crafted video, potentially allowing remote access to confidential data, disruption of data integrity, and denial of service.

Recommendations For GPAC version 1.0.1, consider disabling the "ctts" decoding functionality until a patch is available to prevent potential exploitation. Restrict access to videos that could trigger this vulnerability to minimize the risk of memory corruption and subsequent attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.