CVE-2021-21860

Name of the Vulnerable Software and Affected Versions GPAC Project on Advanced Content library version 1.0.1

Description An exploitable integer truncation issue exists within the MPEG-4 decoding functionality. A specially crafted MPEG-4 input can cause improper memory allocation, resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this issue.

Recommendations For GPAC Project on Advanced Content library version 1.0.1, consider disabling the MPEG-4 decoding functionality until a patch is available. Restrict access to videos that could potentially trigger this issue to minimize the risk of exploitation. Avoid using the 'trik' FOURCC code in the affected library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.