CVE-2023-37766: SEGV on unknown address 0x000000000038 · Issue #2516 · gpac/gpac

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.


Hello, I use the fuzzer (AFL) to fuzz the gpac binary and got some crashes.
The following are the details.

Title: SEGV on unknown address 0x000000000038

1. Description

SEGV on unknown address 0x000000000038 has occurred in function set_file_udta /root/gpac/applications/mp4box/fileimport.c:70:14
when running the program MP4Box; this can be reproduced on the latest commit.

2. Software version info

fuzz@ubuntu:~/gpac2.1/gpac/bin/gcc$ MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev395-g98979a443-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

3. System version info

./uname -a
Linux ouc7 5.4.0-150-generic #167-Ubuntu SMP Mon May 15 17:35:05 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

4. Command

./MP4Box -udta 3:type=name -udta 3:type=name:str="Director Commentary" poc

5. Result

[iso file] Unknown top-level box type Ytra
[iso file] Box "mehd" (start 84) has 88 extra bytes
[iso file] Unknown top-level box type mo^v
[iso file] Unknown top-level box type 000000FF
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==1680297==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000038 (pc 0x7fe43b404373 bp 0x00006e616d65 sp 0x7ffcf11b03e0 T1680297)
==1680297==The signal is caused by a READ memory access.
==1680297==Hint: address points to the zero page.
    #0 0x7fe43b404373 in gf_isom_remove_user_data (/usr/local/lib/libgpac.so.12+0x318373)
    #1 0x467b3d in set_file_udta /root/gpac/applications/mp4box/fileimport.c:70:14
    #2 0x44aeb1 in do_track_act /root/gpac/applications/mp4box/mp4box.c:5612:8
    #3 0x44aeb1 in mp4box_main /root/gpac/applications/mp4box/mp4box.c:6694:6
    #4 0x7fe43ad7f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #5 0x41304d in _start (/usr/local/bin/MP4Box+0x41304d)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/usr/local/lib/libgpac.so.12+0x318373) in gf_isom_remove_user_data
==1680297==ABORTING

6. Impact

This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution.

7. POC

POC file list
poc_lst.zip

Report of the Information Security Laboratory of Ocean University of China @OUC_ISLOUC @OUC_Blue_Whale
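For triaging fuzzer crashes like the one above, the first questions are always the same: which signal, which address, read or write, and which is the nearest frame with source information. The following parser is an added example and is not code from the issue or from the GPAC project. It takes a sanitizer report in the format shown in section 5 (the sample below is constructed, modelled on that trace), extracts those fields, and flags a SEGV whose faulting address lies in the zero page as a likely NULL-pointer dereference (a small address such as 0x38 is what you get when a field at that offset is read through a NULL struct pointer). The function and class names are my own; the classification is a triage heuristic, not a statement of the bug's confirmed root cause.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input, modelled on the UBSan output quoted in the issue.
SAMPLE_REPORT = """\
[iso file] Unknown top-level box type Ytra
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==1680297==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000038 (pc 0x7fe43b404373 bp 0x00006e616d65 sp 0x7ffcf11b03e0 T1680297)
==1680297==The signal is caused by a READ memory access.
==1680297==Hint: address points to the zero page.
    #0 0x7fe43b404373 in gf_isom_remove_user_data (/usr/local/lib/libgpac.so.12+0x318373)
    #1 0x467b3d in set_file_udta /root/gpac/applications/mp4box/fileimport.c:70:14
    #2 0x44aeb1 in do_track_act /root/gpac/applications/mp4box/mp4box.c:5612:8
    #3 0x44aeb1 in mp4box_main /root/gpac/applications/mp4box/mp4box.c:6694:6
    #4 0x7fe43ad7f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #5 0x41304d in _start (/usr/local/bin/MP4Box+0x41304d)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/usr/local/lib/libgpac.so.12+0x318373) in gf_isom_remove_user_data
==1680297==ABORTING
"""


@dataclass
class Frame:
    index: int
    function: str
    location: str                 # raw text after the function name
    file: Optional[str] = None    # set only when the frame carries file:line info
    line: Optional[int] = None


@dataclass
class CrashReport:
    pid: int
    sanitizer: str
    signal: str
    address: int
    access: Optional[str] = None  # "READ" or "WRITE" when the sanitizer says so
    zero_page: bool = False
    frames: List[Frame] = field(default_factory=list)


_ERROR_RE = re.compile(r"^==(\d+)==ERROR: (\w+): (\w+) on unknown address 0x([0-9a-fA-F]+)")
_ACCESS_RE = re.compile(r"The signal is caused by a (READ|WRITE) memory access")
_FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (.+)$")
_SRC_RE = re.compile(r"^(?P<file>[^\s:]+):(?P<line>\d+)(?::\d+)?$")


def parse_sanitizer_report(text: str) -> CrashReport:
    """Parse a sanitizer DEADLYSIGNAL report; program output before the banner is ignored."""
    report: Optional[CrashReport] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _ERROR_RE.match(line)
        if m:
            report = CrashReport(pid=int(m.group(1)), sanitizer=m.group(2),
                                 signal=m.group(3), address=int(m.group(4), 16))
            continue
        if report is None:
            continue
        m = _ACCESS_RE.search(line)
        if m:
            report.access = m.group(1)
            continue
        if "address points to the zero page" in line:
            report.zero_page = True
            continue
        m = _FRAME_RE.match(line)
        if m:
            frame = Frame(index=int(m.group(1)), function=m.group(2), location=m.group(3))
            s = _SRC_RE.match(frame.location)   # only frames built with debug info match
            if s:
                frame.file = s.group("file")
                frame.line = int(s.group("line"))
            report.frames.append(frame)
    if report is None:
        raise ValueError("no sanitizer ERROR line found")
    return report


def first_source_frame(report: CrashReport) -> Optional[Frame]:
    """Nearest frame with file:line info; here the library frame #0 has only a module offset."""
    for f in report.frames:
        if f.file is not None:
            return f
    return None


def classify(report: CrashReport) -> str:
    """Triage heuristic: a SEGV in the zero page is almost always NULL plus a field offset."""
    if report.signal == "SEGV" and (report.zero_page or report.address < 0x1000):
        return "likely-null-deref"
    if report.signal == "SEGV":
        return "wild-access"
    return "other"


if __name__ == "__main__":
    r = parse_sanitizer_report(SAMPLE_REPORT)
    src = first_source_frame(r)
    print(f"{r.sanitizer} {r.signal} {r.access} at {r.address:#x} -> {classify(r)}")
    print(f"top frame: {r.frames[0].function}; first source frame: "
          f"{src.function} {src.file}:{src.line}" if src else "no source frame")
```

In practice the distinction between "likely-null-deref" and "wild-access" drives the next step: a zero-page read is usually a missing NULL check and a denial-of-service bug until shown otherwise, whereas a wild address calls for a deeper look at what corrupted the pointer. Keeping the first frame with source information separate from the crashing frame matters here because frame #0 sits in a shared library built without debug info, so the caller in fileimport.c is the first place a reader can open.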
