CVE-2022-1441: fixed #2175 · gpac/gpac@3dbe11b
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse an MP4 file, it calls the function diST_box_read() to read from video. In this function, it allocates a buffer str with fixed length. However, the content read from bs is controllable by the user, and so is its length, which causes a buffer overflow.
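The overflow described above comes from a copy loop that stops only when it sees a NUL byte. As an added example (not GPAC code and not part of the commit), here is the same read-until-NUL loop bounded by both the destination size and the remaining input; reader_t, read_cstring and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a bitstream: a byte buffer plus read cursor. */
typedef struct { const uint8_t *data; size_t len, pos; } reader_t;

/* Copy a NUL-terminated string from r into out[cap].
 * Returns the bytes consumed (terminator included), or -1 when the input
 * ends or the destination fills before a terminator is seen. */
static long read_cstring(reader_t *r, char *out, size_t cap)
{
    if (cap == 0) return -1;
    for (size_t i = 0; i < cap; i++) {
        if (r->pos >= r->len) break;            /* input truncated */
        out[i] = (char)r->data[r->pos++];
        if (out[i] == '\0') return (long)(i + 1);
    }
    out[0] = '\0';  /* fail closed: never return an unterminated buffer */
    return -1;
}

/* Constructed input: a short, properly terminated type string. */
static long demo_ok(void)
{
    static const uint8_t in[] = "application/ecmascript";
    reader_t r = { in, sizeof in, 0 };
    char str[1024];
    return read_cstring(&r, str, sizeof str);
}

/* Constructed input: 2000 bytes with no terminator, larger than str. */
static long demo_oversized(void)
{
    uint8_t in[2000];
    memset(in, 'A', sizeof in);
    reader_t r = { in, sizeof in, 0 };
    char str[1024];
    return read_cstring(&r, str, sizeof str);
}

int main(void)
{
    printf("ok=%ld oversized=%ld\n", demo_ok(), demo_oversized());
    return 0;
}
```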
@@ -1128,20 +1128,12 @@ void diST_box_del(GF_Box *s)
GF_Err diST_box_read(GF_Box *s, GF_BitStream *bs)
{
u32 i;
char str[1024];
GF_DIMSScriptTypesBox *p = (GF_DIMSScriptTypesBox *)s;
i=0;
str[0]=0;
while (1) {
str[i] = gf_bs_read_u8(bs);
if (!str[i]) break;
i++;
}
ISOM_DECREASE_SIZE(p, i);
p->content_script_types = gf_strdup(str);
p->content_script_types = gf_malloc(sizeof(char) * (s->size+1));
if (!p->content_script_types) return GF_OUT_OF_MEM;
gf_bs_read_data(bs, p->content_script_types, s->size);
p->content_script_types[s->size] = 0;
return GF_OK;
}
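Review bot: in the replacement body, s->size goes straight into gf_malloc(sizeof(char) * (s->size+1)) and gf_bs_read_data(bs, p->content_script_types, s->size) with no upper bound and no check against what is left in the bitstream, and the return value of gf_bs_read_data is discarded. A box that declares a large size in a short file forces a large allocation, and after a short read only the final byte is set to 0, so the bytes in between stay uninitialized and any later string handling of content_script_types would read them. Suggest rejecting a size above a sane limit (or above the bytes still available in bs), checking the result of gf_bs_read_data against s->size, and freeing the buffer on a mismatch. The old loop also called ISOM_DECREASE_SIZE(p, i) for the bytes it consumed; the new path reads s->size bytes with no size accounting at all, which should either be restored or explained in a comment.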
Related news
Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.