The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for GPAC4iOS
.
GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.
Affected versions of this package are vulnerable to Out-of-Bounds. The following function is responsible for parsing atoms that use the sdp
FOURCC code. This function will start by clamping the 64-bit size to a 32-bit integer and assigning it to the “length” variable at line 22. Afterwards at line 23, the library will add 1 to the length and use it to allocate space on the heap. If this “length” is set to UINT_MAX
, this addition will cause an integer overflow which when passed to the gf_malloc
function can result in a zero-sized allocation being made. Afterwards at line 24, the library will use the UINT_MAX length to read data from the atom into the zero-sized allocation. This and the null-termination will write outside the bounds of the buffer resulting in the corruption of memory.