CVE-2022-43255: Memory Leak in GPAC v2.1-DEV-rev368-gfd054169b-master through gf_odf_new_iod at odf/odf_code.c

A recently discovered vulnerability, CVE-2022-43255, has been found in GPAC v2.1-DEV-rev368-gfd054169b-master. This vulnerability is a memory leak occurring in the component gf_odf_new_iod at odf/odf_code.c. In this post, we will discuss the details of this vulnerability, provide a code snippet demonstrating the issue, and explain the potential risk and mitigations you can take to protect your system.

Background

GPAC is an open-source multimedia framework designed for the development of rich media applications, including streaming, 3D rendering, and interactive content. The software was primarily developed by Telecom Paris University and has become widely adopted across various sectors like academia, research, and industry. The official GPAC repository can be found on GitHub at https://github.com/gpac/gpac.

Vulnerability Details

A memory leak was discovered within GPAC v2.1-DEV-rev368-gfd054169b-master in the component gf_odf_new_iod at odf/odf_code.c. Memory leaks can lead to a loss of system resources, resulting in a degradation of system performance and potential denial of service attacks. This particular memory leak can allow an attacker to create an excessive number of objects, which may consume system resources and potentially crash the targeted application or system.

Code Snippet

Below is a brief code snippet that demonstrates the issue within the component gf_odf_new_iod at odf/odf_code.c.

GF_ObjectDescriptor *gf_odf_new_iod() {
    GF_ObjectDescriptor *newDesc;
    GF_SAFEALLOC(newDesc, GF_ObjectDescriptor); // memory allocation for newDesc
    if (!newDesc) return NULL; // error handling for the newDesc object
    
    newDesc->ESDescriptors = gf_list_new(); // memory allocation for newDesc->ESDescriptors
    if (!newDesc->ESDescriptors) { // error handling for the newDesc->ESDescriptors object
        // Notice that there's no proper cleanup for newDesc before returning NULL, leading to memory leak
        // The following line should be added to fix the issue:
        // gf_free(newDesc);
        return NULL;
    }
    // ...
    return newDesc;
}

A fix to this memory leak issue would require properly freeing the newDesc object before returning NULL in the error handling condition for newDesc->ESDescriptors.

Exploit Details

An attacker could potentially exploit this vulnerability by crafting a maliciously designed file that targets the gpac application. By creating an excessive number of objects through the gf_odf_new_iod function, the attacker could consume system resources and potentially crash the targeted application or system. This could be used as part of a denial of service attack, making the system unavailable for legitimate users.

Update GPAC to the latest available version.

2. If the latest version of the software is still affected by the vulnerability, apply a patch that properly handles memory allocation and cleanup in the gf_odf_new_iod function.
3. Always use caution when opening files from unknown sources, as they may contain malicious content that could exploit this vulnerability.

References

1. Official GPAC GitHub Repository: https://github.com/gpac/gpac
2. CVE-2022-43255 Advisory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43255
3. GPAC v2.1-DEV-rev368-gfd054169b-master Source: https://github.com/gpac/gpac/tree/gfd054169b
4. Memory Leak Wikipedia Definition: https://en.wikipedia.org/wiki/Memory_leak

Conclusion

CVE-2022-43255 is a memory leak vulnerability found in GPAC v2.1-DEV-rev368-gfd054169b-master. The vulnerability resides within the component gf_odf_new_iod at odf/odf_code.c. By exploiting this vulnerability, an attacker might cause a denial of service attack through resource exhaustion. To protect your system, ensure you have the latest version of GPAC installed and apply any necessary patches. Always be cautious when opening files from unknown sources to avoid exposure to malicious content.

Timeline

Published on: 11/02/2022 14:15:00 UTC
Last modified on: 11/04/2022 02:04:00 UTC