Vulnerability Description
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gpac | Gpac | 1.0.1 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297ExploitTechnical DescriptionThird Party Advisory
- https://www.debian.org/security/2021/dsa-4966Third Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297ExploitTechnical DescriptionThird Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297ExploitTechnical DescriptionThird Party Advisory
- https://www.debian.org/security/2021/dsa-4966Third Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297ExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2021-21838?
CVE-2021-21838 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause ...
How severe is CVE-2021-21838?
CVE-2021-21838 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21838?
Check the references section above for vendor advisories and patch information. Affected products include: Gpac Gpac, Debian Debian Linux.