Heap Use-After-Free in GPAC MP4Box's ogg_stream_clear Function When Processing OGG Files in gpac/gpac
Mar 22nd 2023
A heap use-after-free vulnerability has been discovered in the ogg_stream_clear function of GPAC MP4Box, triggered when processing OGG files. It results from improper handling of memory allocation and deallocation during OGG processing: memory that has already been freed is used again, which can lead to memory corruption, crashes, or other undefined behavior.
Reproduce: ./bin/gcc/MP4Box -dash 1000 POC
Link: https://drive.google.com/file/d/1PO-c2WJnWqjUsG5dB0terCddup9-CL28/view?usp=share_link
An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the application, compromising the system where the vulnerable software is installed. The attacker could also cause a denial of service (DoS) by crashing the application or making it unresponsive. This vulnerability poses a significant risk to the confidentiality, integrity, and availability of systems running the affected software.