Headline
CVE-2022-3178: fixed #2255 · gpac/gpac@7751077
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
@@ -12886,11 +12886,12 @@ GF_Err xtra_box_read(GF_Box *s, GF_BitStream *bs)
prop_type = gf_bs_read_u16(bs);
prop_size -= 6;
ISOM_DECREASE_SIZE_NO_ERR(ptr, prop_size)
//add 2 extra bytes for UTF16 case string dump
data2 = gf_malloc(sizeof(char) * (prop_size+2));
//add 3 extra bytes for UTF16 case string dump (3 because we need 0-aligned short value)
data2 = gf_malloc(sizeof(char) * (prop_size+3));
gf_bs_read_data(bs, data2, prop_size);
data2[prop_size] = 0;
data2[prop_size+1] = 0;
data2[prop_size+2] = 0;
tag_size-=prop_size;
} else {
prop_size = 0;
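Review bot: the data2 allocation is never checked for NULL in the visible lines, yet gf_bs_read_data(bs, data2, prop_size) and the three terminator writes at data2[prop_size] through data2[prop_size+2] dereference it directly. prop_size is read from the file, so a large value can make gf_malloc fail; a check such as `if (!data2) return GF_OUT_OF_MEM;` right after the allocation would cover that. Separately, `prop_size -= 6` has no lower-bound check visible in this hunk. If none exists earlier in the function, a value below 6 would wrap before it reaches the prop_size+3 size computation, so it is worth confirming or adding that guard. The new comment could also state the case it protects: with an odd prop_size, a 16-bit reader's last unit straddles the end of the data, so a full two-byte zero terminator is only guaranteed with the third padding byte.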
Related news
Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.