GPAC Heap-Based Buffer Overflow Vulnerability in GHI Demuxer Allowing Denial-of-Service

A heap-based buffer overflow vulnerability has been identified in GPAC version 2.4.0, specifically within the GHI demuxer filter. The issue arises in the 'ghi_dmx_declare_opid_bin' function, where the application improperly calculates memory allocation for property lists of type 'GF_PROP_VEC2I_LIST'. This miscalculation allows attackers to write data beyond the allocated memory bounds, potentially leading to a denial-of-service condition by causing the application to crash. Furthermore, such heap overflow vulnerabilities can often be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the application. However, the nature of heap-based buffer overflows also introduces the potential for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using GPAC to process a crafted GHI file that exploits the buffer overflow. This can be done by running GPAC with the 'inspect:full' option on the malicious GHI file, which triggers the overflow and causes the application to crash. The AddressSanitizer log confirms the heap-buffer-overflow error, indicating that the vulnerability has been successfully exploited.