Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
19 Aug 2021
19 Aug 2021
How to fix?
There is no fixed version for
GPAC4iOS is a GPAC4iOS is the libgpac library packaged for iOS as a Pod. It is preconfigured and tested to do a single task: create a MP4 file from a raw H.264 and an audio track.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The implementation of the parser for the
txtc FOURCC code is responsible for reading a string from the atom, and then null-terminating it. At line 27, the function will take the 32-bit size and add 1 to it before truncating it to a 32-bit integer and then passing it as a parameter to the
gf_malloc function. If the atom size is set to
UINT_MAX, this addition when truncated to a 32-bit integer can result in an integer overflow causing the allocation to return a zero-sized buffer. Afterwards at line 29, the function will use the original non-truncated atom size to read the contents of the atom into the zero-sized buffer. This will then cause a heap-based buffer overflow when reading the string from the atom, and then null-terminating it.