GPAC cat_multiple_files Function Buffer Overflow Vulnerability

By GIXnews


A vulnerability in the cat_multiple_files function of GPAC could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) on a targeted system.

The vulnerability exists in the cat_multiple_files function, which is defined in the applications/mp4box/fileimport.c source code file of the affected software. An attacker could exploit this vulnerability by persuading a user to run the MP4Box command on a multimedia file that delivers malicious input to the targeted system. A successful exploit could trigger a buffer overflow condition that the attacker could use to execute arbitrary code or cause a DoS condition.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

GPAC has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-20762

Source: Cisco Multivendor Vulnerability Alerts