{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T03:22:36.651","vulnerabilities":[{"cve":{"id":"CVE-2021-21860","sourceIdentifier":"talos-cna@cisco.com","published":"2021-08-16T20:15:48.550","lastModified":"2024-11-21T05:49:07.677","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability."},{"lang":"es","value":"Se presenta una vulnerabilidad de truncamiento de enteros explotable dentro de la funcionalidad MPEG-4 decoding de la biblioteca GPAC Project en Advanced Content versión v1.0.1. Una entrada de MPEG-4 especialmente diseñada puede causar una asignación de memoria inapropiada, resultando en un desbordamiento del búfer en la región heap de la memoria que causa una corrupción de la memoria. El código FOURCC, \"trik\", es analizado por la función dentro de la biblioteca. Un atacante puede convencer a un usuario de abrir un vídeo para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-680"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-681"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"82DD2D40-0A05-48FD-940D-32B4D8B51AB3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-4966","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-4966","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}