Heap-Based Buffer Over-Read in GPAC 2.0.0 via Misuse of gf_utf8_wcslen Function

Heap-Based Buffer Over-Read in GPAC 2.0.0 via Misuse of gf_utf8_wcslen Function

CVE-2022-30976 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.