CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21836
https://notcve.org/view.php?id=CVE-2021-21836
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de enteros explotable dentro de la funcionalidad MPEG-4 decoding de GPAC Project on Advanced Content library versión v1.0.1. Una entrada MPEG-4 especialmente diseñada que utilice el código FOURCC "ctts" puede causar un desbordamiento de enteros debido a una aritmética no comprobada, resultando en un desbordamiento del búfer en la región heap de la memoria que causa una corrupción de la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 https://www.debian.org/security/2021/dsa-4966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21834
https://notcve.org/view.php?id=CVE-2021-21834
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de enteros explotable dentro de la funcionalidad MPEG-4 decoding de GPAC Project on Advanced Content library versión v1.0.1. Una entrada MPEG-4 especialmente diseñada cuando se decodifica el átomo para el FOURCC "co64" puede causar un desbordamiento de enteros debido a una aritmética no comprobada, resultando en un desbordamiento de búfer en la región heap de la memoria que causa una corrupción de la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 https://www.debian.org/security/2021/dsa-4966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21835
https://notcve.org/view.php?id=CVE-2021-21835
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgp” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de enteros explotable dentro de la funcionalidad MPEG-4 decoding de GPAC Project on Advanced Content library versión v1.0.1. Una entrada MPEG-4 especialmente diseñada cuando se decodifica el átomo asociado con el FOURCC "csgp" puede causar un desbordamiento de enteros debido a una aritmética no comprobada, resultando en un desbordamiento de búfer en la región heap de la memoria que causa una corrupción de la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21862
https://notcve.org/view.php?id=CVE-2021-21862
Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption The implementation of the parser used for the “Xtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability. Se presenta una vulnerabilidad de deserialización no segura en la funcionalidad ObjectManager.plugin ProfileInformation.ProfileData de CODESYS GmbH CODESYS Development System versiones 3.5.16 y 3.5.17. Un archivo especialmente diseñado puede conllevar a una ejecución arbitraria de comandos. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21858
https://notcve.org/view.php?id=CVE-2021-21858
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presentan múltiples vulnerabilidades de desbordamiento de enteros explotables en la funcionalidad de decodificación de MPEG-4 de la librería GPAC Project on Advanced Content versión v1.0.1. Una entrada MPEG-4 especialmente diseñada puede causar un desbordamiento de enteros debido a la aritmética de adición no comprobada, resultando en un desbordamiento de búfer en la región heap de la memoria que causa una corrupción de memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 https://www.debian.org/security/2021/dsa-4966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •