| Título | GPAC 26.03-DEV Buffer Overflow |
|---|
| Descripción | A heap buffer overflow vulnerability was found in GPAC version 26.03-DEV. The issue affects the function svgin_process() in the file src/filters/load_svg.c. When processing DIMS data, the inner unit size read from the bitstream (line 201) overwrites the outer packet size used for buffer allocation (line 192). This results in an out-of-bounds read at line 210 and an out-of-bounds write at line 212 via a crafted MP4 file. This may allow attackers to cause a Denial of Service or execute arbitrary code. The issue has been acknowledged and fixed by the vendor. |
|---|
| Fuente | ⚠️ https://github.com/gpac/gpac/issues/3468#event-23006542038 |
|---|
| Usuario | breakingbad (UID 96046) |
|---|
| Sumisión | 2026-03-02 06:35 (hace 2 meses) |
|---|
| Moderación | 2026-03-11 20:19 (10 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 350538 [GPAC 26.03-DEV SVG Parser src/filters/load_svg.c svgin_process desbordamiento de búfer] |
|---|
| Puntos | 20 |
|---|