CVE-2021-21859 - log back

CVE-2021-21859 created at 23 Aug 2021 10:48:41
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.
References
+ https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ https://github.com/gpac/gpac/issues/1814
+ https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
Notes