Heap-based Buffer Overflow Affecting gpac4ios package, versions >=0.0.0


0.0
high
  • Attack Complexity

    Low

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-COCOAPODS-GPAC4IOS-1567327

  • published

    19 Aug 2021

  • disclosed

    19 Aug 2021

  • credit

    Cisco Talos

How to fix?

There is no fixed version for GPAC4iOS.

Overview

GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. When encountering an atom with the stts FOURCC code, the library will use the following function. This atom is used to convert a unit of time into the actual samples used to decode the video input. When decoding this atom, at line 54 the function will read a 32-bit number in order to store the number of entries within the atom. After reading the number of sample entries, the function will then check them against the atom’s size. Due to the atom’s size being a 64-bit integer, this check is insufficient. Once the number of entries has been checked, the function will use the product of the number of entries with the size of the GF_SttsEntry structure, at line 55, in order to allocate space on the heap for storing the atom’s contents. Due to an integer overflow, this multiplication can result in the array being undersized. Thus, when reading the contents of each entry at line 56, the function will write outside the bounds of the array, resulting in a heap-based buffer overflow.