Skip to content

Latest commit

 

History

History
18 lines (12 loc) · 1.04 KB

CVE-2021-21844.md

File metadata and controls

18 lines (12 loc) · 1.04 KB

Description

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

POC

Reference

Github

No PoCs found on GitHub currently.