CVE-2021-21840

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description An integer overflow vulnerability exists within the MPEG-4 decoding functionality due to unchecked arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. This can be triggered by a specially crafted MPEG-4 input using the "saio" FOURCC code. An attacker can exploit this by convincing a user to open a malicious video, potentially leading to access to confidential data, disruption of data integrity, and denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the saio FOURCC code processing functionality until a patch is available to prevent exploitation. Restrict access to video files from untrusted sources to minimize the risk of triggering this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.