Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
19 Aug 2021
19 Aug 2021
How to fix?
There is no fixed version for
GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The following function is responsible for parsing atoms that use the
svhd FOURCC code. This implementation is used to read a string from the atom’s contents. At line 25, the function will take the 64-bit atom size, add 1 to it, and then truncate it to 32-bits prior to passing it to the
gf_malloc function. Due to the 32-bit truncation, if the atom size is set to
UINT_MAX, this can result in a zero-sized buffer being returned by
gf_malloc. After verifying the allocation was successful, the function will read the contents of the atom into the zero-sized array, and then null-terminate the string. Due to the size of the buffer being 0, this will write outside the bounds of the allocation resulting in a heap-based buffer overflow.