Lucene search

K
nvd[email protected]NVD:CVE-2021-21862
HistoryAug 18, 2021 - 3:15 p.m.

CVE-2021-21862

2021-08-1815:15:07
CWE-680
CWE-119
web.nvd.nist.gov
6
mpeg-4
decoding
vulnerabilities
heap-based buffer overflow
memory corruption
gpac project
xtra code
fourcc code
integer truncation
parser
memory allocation
video vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

67.8%

Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption The implementation of the parser used for the β€œXtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability.

Affected configurations

Nvd
Node
gpacgpacMatch1.0.1
VendorProductVersionCPE
gpacgpac1.0.1cpe:2.3:a:gpac:gpac:1.0.1:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

67.8%