Heap-based Buffer Overflow Affecting gpac4ios package, versions >=0.0.0



    Attack Complexity: Low
    Availability impact: High

    Threat Intelligence

    EPSS: 0.23% (61st percentile)
    Severity score: 8.8 (high)

  • published 19 Aug 2021
  • disclosed 19 Aug 2021
  • credit Cisco Talos

How to fix?

There is no fixed version for GPAC4iOS.


GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create an MP4 file from a raw H.264 stream and an audio track.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The csgp_box_read function parses an atom identified by the csgp FOURCC code. The parser begins by reading an 8-bit integer, followed at line 68 by a 24-bit integer whose flags describe the sizes of certain fields within the atom. At line 69, the function calls get_size_by_code to determine how many bits are used for a dependent field; depending on the bits set within the flags, an integer may occupy 4, 8, 16, or 32 bits. At line 70, the number of bits given by the pattern_size variable is used to read a length from an individual pattern within the atom. If the pattern_size field has all of its bits set, the length is read as a 32-bit value.

After reading the length, at line 71 the function multiplies the length by the size of the u32 type and uses the product as an allocation size. When the length field is 32 bits wide, this product can exceed 32 bits and overflow, so the allocation can be made smaller than the parser requires. After reading each individual pattern, the function iterates through the patterns again to load the indices specified by the length. At line 72, the innermost loop reads an integer of index_size bits and stores it into the array allocated for each index. Because of the integer overflow this array is undersized, so the loop writes outside its bounds, resulting in a heap-based buffer overflow.
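The root cause above is a count-times-element-size product computed in 32 bits. The following is an added example, not GPAC or GPAC4iOS code, that models that computation and shows the overflow-checked form a parser should use before allocating. The size-code mapping, the function names and the sample length are assumptions chosen to match the description; the only fact taken from the advisory is that the allocation size is length multiplied by sizeof(u32).

```c
/* Added example (not GPAC code): unchecked vs. overflow-checked allocation
 * sizing for a length read from an untrusted atom. */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

typedef uint32_t u32;

/* Assumed mapping of a size code to a field width in bits, consistent with the
 * description: 0 -> 4, 1 -> 8, 2 -> 16, 3 (all bits set) -> 32. */
static u32 size_by_code(u32 code) {
    static const u32 widths[4] = {4, 8, 16, 32};
    return widths[code & 3];
}

/* The product as the advisory describes it for the vulnerable parser: both
 * operands are 32-bit, so a large length wraps modulo 2^32 to a small size. */
static u32 unchecked_alloc_size(u32 length) {
    return length * (u32)sizeof(u32);
}

/* Hardened variant: reject any length whose byte size does not fit in u32.
 * Returns 1 and stores the byte count on success, 0 when it would overflow. */
static int checked_alloc_size(u32 length, u32 *out_bytes) {
    if (length > UINT32_MAX / sizeof(u32))
        return 0;
    *out_bytes = length * (u32)sizeof(u32);
    return 1;
}

/* Convenience wrapper: byte count, or 0 if the product would overflow. A
 * length of 0 also yields 0, which a caller should treat as "nothing to read". */
static u32 checked_bytes_or_zero(u32 length) {
    u32 bytes;
    return checked_alloc_size(length, &bytes) ? bytes : 0;
}

/* Allocate the index array for `length` entries, or return NULL instead of
 * handing back an undersized buffer that the index loop would then overrun. */
static u32 *alloc_indices(u32 length) {
    u32 bytes;
    if (!checked_alloc_size(length, &bytes) || bytes == 0)
        return NULL;
    return (u32 *)malloc(bytes);
}

int main(void) {
    /* Constructed length: 0x40000001 * 4 = 0x100000004, which wraps to 4. */
    u32 length = 0x40000001u;
    printf("size code 3 -> %u-bit length field\n", size_by_code(3));
    printf("unchecked size for length 0x%x: %u bytes\n", length, unchecked_alloc_size(length));
    u32 *idx = alloc_indices(length);
    printf("checked allocation: %s\n", idx ? "allocated" : "rejected (overflow)");
    free(idx);
    return 0;
}
```

With the constructed length the unchecked product comes out to 4 bytes, room for a single u32, while the parser would go on to write over a billion indices; the checked variant refuses the length before any allocation takes place.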