CVE-2021-21858

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description The issue is related to the absence of checks on the result of arithmetic operations in the URL decoder functionality of the GPAC multimedia platform's MPEG-4 decoding. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic, resulting in a heap-based buffer overflow that causes memory corruption. An attacker can trigger this issue by convincing a user to open a malicious video.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, update to a version that includes a fix for the integer overflow vulnerability in the MPEG-4 decoding functionality. As a temporary workaround, consider restricting the use of the MPEG-4 decoding functionality until a patch is available. Avoid opening videos from untrusted sources to minimize the risk of exploitation.