CVE-2021-21845

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description The issue is related to the MPEG-4 decoding functionality of the GPAC library, specifically the stsc decoder. It involves an integer overflow due to unchecked arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. This can be triggered by a specially crafted MPEG-4 input, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. An attacker can exploit this by convincing a user to open a maliciously crafted video.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the stsc decoder functionality until a patch is available to prevent exploitation. Restrict access to videos from untrusted sources to minimize the risk of triggering the vulnerability. Avoid using the affected library for decoding MPEG-4 content until an update is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.