Heap-based Buffer Overflow Affecting gpac4ios package, versions >=0.0.0


0.0
high
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-COCOAPODS-GPAC4IOS-1567340

  • published

    19 Aug 2021

  • disclosed

    19 Aug 2021

  • credit

    Cisco Talos

How to fix?

There is no fixed version for GPAC4iOS.

Overview

GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The following function is used by the library when parsing an atom using the stss FOURCC code. This function will first read a 32-bit number from the atom at line 73 for the number of entries. After reading the number of entries, the function will then check them against the 64-bit atom size. Due to the atom size being 64-bits, this check is insufficient. Afterwards, the function will store the number of entries into a 32-bit field, and then use it to perform a calculation for allocating memory from the heap. At line 74, the number of entries will be multiplied by the size of the u32 type. As any number other than zero multiplied by a 32-bit number can result in a value larger than 32-bits, this will cause an integer overflow which will result in a smaller size being allocated for the array. At line 75, the library will proceed to read integers from the atom into the undersized array resulting in a heap-based buffer overflow.