Heap-based Buffer Overflow Affecting gpac4ios Open this link in a new tab package, versions >=0.0.0


0.0
high
  • Attack Complexity

    Low

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-COCOAPODS-GPAC4IOS-1567334

  • published

    19 Aug 2021

  • disclosed

    19 Aug 2021

  • credit

    Cisco Talos

How to fix?

There is no fixed version for GPAC4iOS.

Overview

GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. When encountering an atom using the “stco” FOURCC code, the library will use the following function. This function contains a number of offsets for a sample stored using an array of u32 entries. To read the contents of this atom, at line 43, the function will read the number of offsets from the atom and then check the result against the size of the atom. Due to the size of the atom being 64-bit, this check is not sufficient for checking the bounds of the number. At line 44, the library will then take the number of offsets and multiply them by the size of the u32 type. This multiplication can result in an integer overflow, at which point an undersized integer will be used to allocate space on the heap. After validating that the heap allocation was successful, at line 45, the function will continue to read the contents of the atom into the array. Due to the integer overflow, this loop will write outside the bounds of the array causing a heap-based buffer overflow.