← Volver a CVEs

CVE-2021-21849

HIGH

8.8

Descripcion

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Detalles CVE

Puntuacion CVSS v3.18.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado8/25/2021

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

debian:debian_linuxgpac:gpac

Debilidades (CWE)

CWE-680CWE-119

Referencias

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297(talos-cna@cisco.com)

https://www.debian.org/security/2021/dsa-4966(talos-cna@cisco.com)

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297(af854a3a-2127-422b-91ae-364da2661108)

https://www.debian.org/security/2021/dsa-4966(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.