CVE-2021-41456

7.5 HIGH

📋 TL;DR

A stack buffer overflow vulnerability in MP4Box v1.0.1 allows attackers to cause denial of service by exploiting improper bounds checking in the nhmldmx_send_sample() function. This affects systems running GPAC's MP4Box multimedia processing tool. Attackers can crash the application by providing specially crafted input.

💻 Affected Systems

Products:
  • GPAC MP4Box
Versions: v1.0.1 and possibly earlier versions
Operating Systems: Linux, Windows, macOS, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using MP4Box to process multimedia files is potentially vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if combined with other vulnerabilities or memory corruption techniques.

🟠 Likely Case

Application crash and denial of service, disrupting multimedia processing operations.

🟢 If Mitigated

Limited impact with proper input validation and memory protection mechanisms in place.

🌐 Internet-Facing: MEDIUM - MP4Box is typically used for media processing rather than as an internet-facing service, but could be exposed via web applications.
🏢 Internal Only: MEDIUM - Internal systems using MP4Box for media processing could experience service disruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a core parsing function and can be triggered by processing malicious media files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GPAC versions after the fix in GitHub commit addressing the issue

Vendor Advisory: https://github.com/gpac/gpac/issues/1911

Restart Required: Yes

Instructions:

1. Update GPAC to the latest version from the official repository.
2. Recompile MP4Box if using source.
3. Restart any services using MP4Box.

🔧 Temporary Workarounds

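Input Validation Filter

Platform: all

Implement strict input validation for media files before processing with MP4Box.

# Example: use the file command to verify the detected type before processing.
# -b prints only the MIME type and grep -x requires an exact match, so a file
# name or path containing "video/mp4" cannot satisfy the check.
file --mime-type -b input.mp4 | grep -qx 'video/mp4' && MP4Box ...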

Memory Protection

Platform: linux

Enable stack protection and address space layout randomization

# Linux: Ensure ASLR is enabled
sysctl -w kernel.randomize_va_space=2
# Compile with stack protection: -fstack-protector-all

🧯 If You Can't Patch

  • Isolate MP4Box usage to dedicated, non-critical systems with limited network access
  • Implement strict file upload controls and sandbox MP4Box execution

🔍 How to Verify

Check if Vulnerable:

Check MP4Box version: MP4Box -version 2>&1 | grep -i version

Check Version:

MP4Box -version

Verify Fix Applied:

Verify version is updated and test with known safe media files

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in system logs
  • MP4Box process crashes
  • Abnormal termination of media processing jobs

Network Indicators:

  • Unusual file uploads to media processing systems
  • Repeated connection attempts to MP4Box services

SIEM Query:

process_name:"mp4box" AND (event_type:"crash" OR exit_code:139)
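
An added example, not taken from the advisory or from GPAC: a POSIX shell gate that combines the input-validation workaround with the exit-code indicator used in the SIEM query above. It checks the ISO BMFF "ftyp" signature directly instead of calling file(1); the function names, the 60-second CPU cap and the wrapped command are assumptions.

```shell
#!/bin/sh
# Added example: allow-list gate and crash classification for a media job.
# Function names and limits are assumptions, not part of GPAC or the advisory.

# is_isobmff FILE: succeed only if bytes 4-7 spell the ISO BMFF "ftyp" box type.
is_isobmff() {
    [ -f "$1" ] || return 1
    gate_magic=$(dd if="$1" bs=1 skip=4 count=4 2>/dev/null | tr -d '\000')
    [ "$gate_magic" = "ftyp" ]
}

# classify_exit CODE: map a process exit status to a label for the job log.
classify_exit() {
    case "$1" in
        0)   echo "ok" ;;
        139) echo "crash-sigsegv" ;;   # 128 + 11, the value the SIEM query matches
        134) echo "crash-sigabrt" ;;   # 128 + 6, e.g. a stack-protector abort
        *)   if [ "$1" -gt 128 ]; then
                 echo "killed-signal-$(( $1 - 128 ))"
             else
                 echo "error-$1"
             fi ;;
    esac
}

# gated_run FILE CMD [ARGS...]: run "CMD ARGS FILE" only when FILE passes the gate.
# Prints one verdict line; returns 0 only when the command ran and exited 0.
gated_run() {
    gate_file=$1
    shift
    if ! is_isobmff "$gate_file"; then
        echo "rejected"
        return 2
    fi
    # Subshell: no core dumps, best-effort 60 s CPU cap, tool output discarded.
    ( ulimit -c 0; ulimit -t 60 || :; "$@" "$gate_file" ) >/dev/null 2>&1
    gate_rc=$?
    classify_exit "$gate_rc"
    [ "$gate_rc" -eq 0 ]
}

# Stand-alone use: sh gate.sh upload.mp4 MP4Box -info
if [ "$#" -ge 2 ]; then
    gated_run "$@"
fi
```

Feeding the printed verdict into the job log gives the SIEM a field to alert on even when the host does not record process exit codes.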
