CVE-2021-21839
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
Se presentan múltiples vulnerabilidades de desbordamiento de enteros explotables dentro de la funcionalidad MPEG-4 decoding de GPAC Project on Advanced Content library versión v1.0.1. Una entrada MPEG-4 especialmente diseñada puede causar un desbordamiento de enteros debido a una aritmética no comprobada, resultando en un desbordamiento del búfer en la región heap de la memoria que causa una corrupción de memoria. Un atacante puede convencer a un usuario de que abra un vídeo para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-08-18 CVE Published
- 2024-05-03 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-680: Integer Overflow to Buffer Overflow
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 | 2024-08-03 | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2021/dsa-4966 | 2022-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gpac Search vendor "Gpac" | Gpac Search vendor "Gpac" for product "Gpac" | 1.0.1 Search vendor "Gpac" for product "Gpac" and version "1.0.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|