| Title | GPAC 26.03-DEV Buffer Overflow |
|---|---|
| Description | A heap buffer overflow vulnerability was found in GPAC version 26.03-DEV. The issue affects the function svgin_process() in the file src/filters/load_svg.c. When processing DIMS data, the inner unit size read from the bitstream (line 201) overwrites the outer packet size used for buffer allocation (line 192). This results in an out-of-bounds read at line 210 and an out-of-bounds write at line 212 via a crafted MP4 file. This may allow attackers to cause a Denial of Service or execute arbitrary code. The issue has been acknowledged and fixed by the vendor. |
| Source | https://github.com/gpac/gpac/issues/3468#event-23006542038 |
| User | breakingbad (UID 96046) |
| Submission | 02/03/2026 06:35 AM (2 months ago) |
| Moderation | 11/03/2026 08:19 PM (10 days later) |
| Status | Accepted |
| VulDB entry | 350538 [GPAC 26.03-DEV SVG Parser src/filters/load_svg.c svgin_process memory corruption] |
| Points | 20 |