CVE-2021-21850

Name
CVE-2021-21850
Description
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
DEBIAN https://www.debian.org/security/2021/dsa-4966

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gpac:gpac:1.0.1:*:*:*:*:*:*:* gpac == None == 1.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status