Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
19 Aug 2021
19 Aug 2021
How to fix?
There is no fixed version for
GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.
Affected versions of this package are vulnerable to Out-of-Bounds. The following function is responsible for parsing atoms that use the
sdp FOURCC code. This function will start by clamping the 64-bit size to a 32-bit integer and assigning it to the “length” variable at line 22. Afterwards at line 23, the library will add 1 to the length and use it to allocate space on the heap. If this “length” is set to
UINT_MAX, this addition will cause an integer overflow which when passed to the
gf_malloc function can result in a zero-sized allocation being made. Afterwards at line 24, the library will use the UINT_MAX length to read data from the atom into the zero-sized allocation. This and the null-termination will write outside the bounds of the buffer resulting in the corruption of memory.