PT-2021-6776 · Gpac · Gpac Project On Advanced Content Library

Published 2021-05-26 · Updated 2022-07-29 · CVE-2021-21862

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GPAC Project on Advanced Content library version 1.0.1

Description

The issue is related to integer truncation vulnerabilities in the MPEG-4 decoding functionality. A specially crafted MPEG-4 input can cause improper memory allocation, resulting in a heap-based buffer overflow that leads to memory corruption. The implementation of the parser used for the Xtra FOURCC code is affected. An attacker can exploit this by convincing a user to open a malicious video, potentially allowing access to confidential data, disrupting data integrity, and causing a denial of service.

Recommendations

For GPAC Project on Advanced Content library version 1.0.1, consider disabling the Xtra FOURCC code parser until a patch is available to prevent exploitation. Restrict access to videos from untrusted sources to minimize the risk of triggering this vulnerability.
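
The weakness class named in the description (a declared length narrowed before allocation) and the check that prevents it, as an added example that is not GPAC's code or its Xtra parser. The 8-byte length header, the 32-bit narrowing and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout (constructed for illustration): 8-byte big-endian payload
 * length, followed by the payload bytes. */
#define HDR_LEN 8u

static uint64_t read_be64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}

/* The size a parser would request if it stored "length + 1" in a 32-bit
 * variable: the high bits are dropped, so the buffer is far smaller than the
 * length later used for the copy. */
uint32_t truncated_alloc_size(uint64_t declared_len) {
    return (uint32_t)(declared_len + 1);
}

/* Checked reader: validates the declared length against the bytes actually
 * present before any narrowing or allocation. Returns a NUL-terminated heap
 * copy (caller frees) or NULL on malformed input. */
uint8_t *read_record_checked(const uint8_t *buf, size_t buf_len, size_t *out_len) {
    if (buf == NULL || out_len == NULL || buf_len < HDR_LEN) return NULL;
    uint64_t declared = read_be64(buf);
    size_t avail = buf_len - HDR_LEN;
    if (declared > avail) return NULL;   /* also guarantees declared fits size_t */
    size_t n = (size_t)declared;
    uint8_t *out = malloc(n + 1);        /* n <= SIZE_MAX - 8, so n + 1 cannot wrap */
    if (out == NULL) return NULL;
    memcpy(out, buf + HDR_LEN, n);
    out[n] = '\0';
    *out_len = n;
    return out;
}

int main(void) {
    /* Constructed sample: declares 0x100000003 bytes but carries only 4. */
    const uint8_t bad[] = {0, 0, 0, 1, 0, 0, 0, 3, 'a', 'b', 'c', 'd'};
    size_t n = 0;
    printf("narrowed size: %u\n", (unsigned)truncated_alloc_size(read_be64(bad)));
    printf("checked reader: %s\n", read_record_checked(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```
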

Exploit

Fix

Buffer Overflow

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-02168
CVE-2021-21862

Affected Products

Gpac Project On Advanced Content Library