CVE-2022-30976

Name of the Vulnerable Software and Affected Versions GPAC version 2.0.0

Description The issue is related to the misuse of a certain Unicode function, specifically utf8 wcslen (renamed gf utf8 wcslen), in the utils/utf.c file. This results in a heap-based buffer over-read, which can be demonstrated using MP4Box.

Recommendations For GPAC version 2.0.0, consider restricting access to the gf utf8 wcslen function in utils/utf.c to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.