CVE-2022-1441

Name of the Vulnerable Software and Affected Versions GPAC versions 2.0.0

Description The issue arises when MP4Box, a component of GPAC, attempts to parse a MP4 file. It calls the function diST box read() to read from the video, allocating a buffer str with a fixed length. However, the content read from bs and its length are controllable by the user, leading to a buffer overflow.

Recommendations For GPAC version 2.0.0, consider disabling the diST box read() function as a temporary workaround until a patch is available. Restrict access to MP4Box to minimize the risk of exploitation. Avoid using MP4Box to parse MP4 files from untrusted sources until the issue is resolved.