CVE-2018-13011
Description
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-based buffer over-read in gpmf-parser 1.1.2's GPMF_Validate function allows denial of service via crafted input.
Vulnerability
A heap-based buffer over-read vulnerability exists in gpmf-parser version 1.1.2 within the GPMF_Validate function in GPMF_parser.c at line 129. The issue occurs when the function reads 4 bytes beyond the allocated heap buffer, as demonstrated by an AddressSanitizer report [1]. The buffer is allocated via realloc in GetGPMFPayload in GPMF_mp4reader.c [1].
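The following added example is not gpmf-parser code; it illustrates the kind of remaining-length check that keeps a KLV walker from reading past the end of a heap buffer, the bug class described above. The function name `klv_validate` and the sample buffers are constructed for illustration, and the record layout (4-byte FourCC, 1-byte type, 1-byte structure size, 2-byte big-endian repeat, payload padded to 32 bits) comes from the GPMF format description, not from this page.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not gpmf-parser code. Record layout assumed:
   FourCC(4) | type(1) | struct size(1) | repeat(2, big-endian) | payload,
   with the payload padded to a 32-bit boundary. */
#define KLV_HEADER 8u

/* Returns the number of complete records, or -1 if any record would
   extend past the end of the buffer. */
int klv_validate(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int records = 0;

    while (pos < len) {
        size_t remaining = len - pos;

        /* Check before touching the header: without this, a short
           trailing fragment is read as if a full header were present. */
        if (remaining < KLV_HEADER)
            return -1;

        size_t ssize   = buf[pos + 5];
        size_t repeat  = ((size_t)buf[pos + 6] << 8) | buf[pos + 7];
        size_t payload = ssize * repeat;   /* at most 255 * 65535 */
        size_t padded  = (payload + 3u) & ~(size_t)3u;

        /* Compare against what is left rather than pos + padded,
           so the check itself cannot wrap around. */
        if (padded > remaining - KLV_HEADER)
            return -1;

        pos += KLV_HEADER + padded;
        records++;
    }
    return records;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t sample_ok[] =
    { 'D','E','M','O', 'L', 4, 0, 1,  0, 0, 0, 42 };
static const uint8_t sample_trailing[] =      /* 4 stray bytes at the end */
    { 'D','E','M','O', 'L', 4, 0, 1,  0, 0, 0, 42,  'D','E','M','O' };
static const uint8_t sample_short_payload[] = /* claims 8 bytes, has 4 */
    { 'D','E','M','O', 'L', 4, 0, 2,  0, 0, 0, 42 };
```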
Exploitation
An attacker can trigger the vulnerability by providing a specially crafted input file that causes GPMF_Validate to read past the end of the allocated heap region. No authentication or special privileges are required; the attack is achieved by processing the malicious file through the gpmf-parser library [1].
Impact
Successful exploitation results in a heap-based buffer over-read, which can cause a crash (denial of service) due to reading invalid memory. The impact is limited to availability; there is no indication of information disclosure or code execution from the available references [1].
Mitigation
As of the publication date (2018-06-29), no fix has been released for gpmf-parser 1.1.2. The issue remains open in the project's issue tracker [1]. Users should monitor the repository for updates or consider avoiding processing untrusted input with this version until a patch is available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
v1.0, v1.01, v1.1, … + 1 more
- (no CPE) range: v1.0, v1.01, v1.1, …
- (no CPE) range: =1.1.2
Patches
No patches discovered yet.
References
[1] github.com/gopro/gpmf-parser/issues/31 (MITRE, x_refsource_MISC)