CVE-2021-21838

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description The issue is related to the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library. It involves an integer overflow vulnerability due to unchecked arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. An attacker can exploit this by convincing a user to open a specially crafted MPEG-4 video, potentially leading to access to confidential data, disruption of data integrity, and denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider updating to a newer version that addresses the integer overflow vulnerability in the MPEG-4 decoding functionality. As a temporary workaround, restrict the use of the MPEG-4 decoding functionality until a patch is available. Avoid opening videos from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.