CVE-2021-21835: 
NixOS vulnerability analysis and mitigation

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. The vulnerability was discovered and disclosed in August 2021, affecting GPAC Project Advanced Content commit a8a8d412dabcb129e695c3e7d861fcc81f608304 and v1.0.1 (Talos Report).

The vulnerability occurs in the MPEG-4 decoding functionality where the library processes atoms within an MPEG-4 container. When parsing the 'csgp' FOURCC atom, the library reads a u32 from the input and stores it into the 'patterncount' variable. After checking against input size, it uses this value in multiplication to allocate space for patterns, which can result in an integer overflow leading to an undersized allocation. This creates a heap-based buffer overflow condition when reading integers from the input into the undersized array ([Talos Report](https://talosintelligence.com/vulnerabilityreports/TALOS-2021-1297)).

A successful exploit could result in code execution under the context of the library. The vulnerability has a CVSS v3.0 score of 8.8 (High), indicating potential for high impact on confidentiality, integrity, and availability if exploited (Talos Report).

Users should upgrade to a patched version of the GPAC Project on Advanced Content library. The vulnerability was addressed in versions after v1.0.1 (Talos Report).