CVE-2021-21861 - log back

CVE-2021-21861 created at 23 Aug 2021 10:48:42
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
References
+ https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ https://github.com/gpac/gpac/issues/1814
+ https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
Notes