GPAC Missing szLineConv Bounds Checking Out-of-Bounds Write Vulnerability

By GIXnews


A vulnerability in the gf_text_get_utf8_line function of GPAC could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to improper bounds checks on the szLineConv parameter in the gf_text_get_utf8_lin function, as defined in the media_tools/text_import.c source code file of the affected software. An attacker could exploit this vulnerability by persuading a user to execute the MP4Box command on a multimedia file that submits malicious input to the targeted system. A successful exploit could trigger an out-of-bounds write condition that the attacker could use to execute arbitrary code or cause a denial of service (DoS) condition.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

GPAC has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-20763

Source:: Cisco Multivendor Vulnerability Alerts