Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gpac | Gpac | 1.0.1 (including) | 1.0.1 (including) |
| Gpac | Ubuntu | bionic | * |
| Gpac | Ubuntu | focal | * |
| Gpac | Ubuntu | hirsute | * |
| Gpac | Ubuntu | impish | * |
| Gpac | Ubuntu | kinetic | * |
| Gpac | Ubuntu | lunar | * |
| Gpac | Ubuntu | trusty | * |
| Gpac | Ubuntu | trusty/esm | * |
| Gpac | Ubuntu | xenial | * |