CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21861
https://notcve.org/view.php?id=CVE-2021-21861
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. Se presenta una vulnerabilidad de truncamiento de enteros explotable dentro de la funcionalidad MPEG-4 decoding de la biblioteca GPAC Project en Advanced Content versión v1.0.1. Cuando se procesa el código FOURCC "hdlr", una entrada MPEG-4 especialmente diseñada puede causar una asignación de memoria inapropiada resultando en un desbordamiento del búfer en la región heap de la memoria que causa una corrupción de la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 https://www.debian.org/security/2021/dsa-4966 • CWE-680: Integer Overflow to Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21860
https://notcve.org/view.php?id=CVE-2021-21860
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability. Se presenta una vulnerabilidad de truncamiento de enteros explotable dentro de la funcionalidad MPEG-4 decoding de la biblioteca GPAC Project en Advanced Content versión v1.0.1. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 https://www.debian.org/security/2021/dsa-4966 • CWE-680: Integer Overflow to Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21859
https://notcve.org/view.php?id=CVE-2021-21859
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability. Se presenta una vulnerabilidad de truncamiento de enteros explotable dentro de la funcionalidad MPEG-4 decoding de la biblioteca GPAC Project en Advanced Content versión v1.0.1. La función stri_box_read es usada cuando se procesan átomos usando el código FOURCC "stri". • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 https://www.debian.org/security/2021/dsa-4966 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32440
https://notcve.org/view.php?id=CVE-2021-32440
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. La función Media_RewriteODFrame en GPAC versión 1.0.1, permite a atacantes causar una denegación de servicio (desreferencia del puntero NULL) por medio de un archivo diseñado en el comando MP4Box • https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011 https://github.com/gpac/gpac/issues/1772 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32439
https://notcve.org/view.php?id=CVE-2021-32439
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Un desbordamiento del búfer en la función stbl_AppendSize de MP4Box en GPAC versión 1.0.1, permite a atacantes causar una denegación de servicio o ejecutar código arbitrario por medio de un archivo diseñado • https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae https://github.com/gpac/gpac/issues/1774 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •