GPAC
cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*
- 26.03-DEV
A heap buffer overflow vulnerability has been identified in GPAC version 26.03-DEV. The issue arises in the SVG parser component, specifically within the `svgin_process` function of the file `src/filters/load_svg.c`. This vulnerability allows for an out-of-bounds write, which could potentially be exploited to execute arbitrary code or cause a denial-of-service condition. The vulnerability requires local access to be exploited.
Exploitation of this vulnerability leads to a heap buffer overflow, causing both out-of-bounds read and write operations. Such memory corruption can often be exploited to execute arbitrary code.
To reproduce the vulnerability, save the crafted MP4 file as `poc_dims_oob.mp4`, then run GPAC with the command `gpac -i poc_dims_oob.mp4 svgplay compositor vout`. The GPAC compositor opens, shows a white screen, and crashes shortly afterwards, indicating that the buffer overflow was triggered.
Users are advised to update to the patched version of GPAC 26.03-DEV, which is available on the GPAC GitHub repository.