GPAC 0.7.1 Buffer Overflow Vulnerability

Summary

An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.

Credit:

The information has been provided by Thorsten Alteholz.
The original article can be found at: https://github.com/gpac/gpac/issues/1249


Details

GPAC is prone to an overflow vulnerability. This allows remote attackers to execute arbitrary code via crafted packets and cause a denial of service (memory corruption).

Vulnerable Systems:

  • GPAC 0.7.1

CVE Information:

CVE-2019-12483

Disclosure Timeline:
Publish Date: 05/30/2019
