Vulnerabilities > CVE-2021-21852 - Unspecified vulnerability in Gpac 1.0.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gpac

NVD

Published: 2021-08-18

Updated: 2024-11-21

Summary

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Gpac Gpac Gpac 1.0.1	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
https://www.debian.org/security/2023/dsa-5411
https://www.debian.org/security/2023/dsa-5411
https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297
https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297