Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-21843
HistoryAug 18, 2021 - 12:00 a.m.

CVE-2021-21843

2021-08-1800:00:00
ubuntu.com
ubuntu.com
6

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

60.7%

JSON

Multiple exploitable integer overflow vulnerabilities exist within the
MPEG-4 decoding functionality of the GPAC Project on Advanced Content
library v1.0.1. A specially crafted MPEG-4 input can cause an integer
overflow due to unchecked arithmetic resulting in a heap-based buffer
overflow that causes memory corruption. After validating the number of
ranges, at [41] the library will multiply the count by the size of the
GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication
can result in an integer overflow causing the space of the array being
allocated to be less than expected. An attacker can convince a user to open
a video to trigger this vulnerability.

Related

cnvd 1
nvd 1
veracode 1
osv 2
debiancve 1
cve 1
prion 1
cvelist 1
talos 1
openvas 2
debian 1
mageia 1
nessus 1
cnvd
cnvd
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64079)
2021-08-19 00:00:00
nvd
nvd
CVE-2021-21843
2021-08-18 13:15:07
veracode
veracode
Denial Of Service
2021-09-02 18:49:06
osv
osv
CVE-2021-21843
2021-08-18 13:15:07
gpac - security update
2021-08-31 00:00:00
debiancve
debiancve
CVE-2021-21843
2021-08-18 13:15:07
cve
cve
CVE-2021-21843
2021-08-18 13:15:07
prion
prion
Integer overflow
2021-08-18 13:15:00
cvelist
cvelist
CVE-2021-21843
2021-08-18 12:33:47
talos
talos
GPAC Project on Advanced Content library MPEG-4 Decoding multiple multiplication integer overflow vulnerabilities
2021-08-16 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0431)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4966-1)
2021-09-02 00:00:00
debian
debian
[SECURITY] [DSA 4966-1] gpac security update
2021-08-31 21:07:40
mageia
mageia
Updated gpac packages fix security vulnerability
2021-09-23 07:49:29
nessus
nessus
Debian DSA-4966-1 : gpac - security update
2021-09-01 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

60.7%

JSON
Related for UB:CVE-2021-21843
cnvd1nvd1veracode1osv2debiancve1cve1prion1cvelist1talos1openvas2debian1mageia1nessus1