Buffer Overflow Affecting gpac4ios package, versions >=0.0.0



    Attack Complexity Low
    Availability High

    Threat Intelligence

    EPSS 0.16% (52nd percentile)
Expand this section
8.8 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • published 19 Aug 2021
  • disclosed 19 Aug 2021
  • credit Cisco Talos

How to fix?

There is no fixed version for GPAC4iOS.


GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.

Affected versions of this package are vulnerable to Buffer Overflow. When parsing an atom with the rtp FOURCC code when its parent atom is using the hnti FOURCC code, the following function will be used. This function take the 64-bit size for the atom, and then truncate it to a 32-bit integer at line 19. This size will then be used to allocate memory at line 20 after adding 1 to it. When the 32-bit size is set to UINT_MAX, this addition will result in an integer overflow. As this length is then passed to the gf_malloc function, a zero-sized buffer will be allocated. Later at line 21, the library will then use the 32-bit length prior to the addition of 1, and then read data from the input into the undersized buffer. This and the null termination will write outside the bounds of the undersized buffer, corrupting memory due to a buffer overflow and a relative write.