CVE-2021-21848

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library. The library reuses the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code, causing an integer overflow due to unchecked arithmetic. This results in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability, potentially allowing remote access to confidential data, disruption of data integrity, and denial of service.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the MPEG-4 decoding functionality until a patch is available to prevent exploitation of the integer overflow vulnerability. Restrict access to videos that could trigger this vulnerability to minimize the risk of memory corruption and potential data breaches. At the moment, there is no information about a newer version that contains a fix for this vulnerability.