CVE-2021-46313: A segmentation fault in MP4Box · Issue #2039 · gpac/gpac

The MP4Box binary in GPAC v1.0.1 was found to crash with a segmentation fault in the function __memmove_avx_unaligned_erms() when processing a crafted input file. This vulnerability can be used to cause a Denial of Service (DoS).

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

  • I looked for a similar issue and couldn’t find any.
  • I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
  • I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line …). I can share files anonymously with this dropbox: https://www.mediafire.com/filedrop/filedrop_hosted.php?drop=eec9e058a9486fe4e99c33021481d9e1826ca9dbc242a6cfaab0fe95da5e5d95

Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/

Version:

./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1615-g9ce097b4a-master

Command:

./bin/gcc/MP4Box -bt POC2

POC2.zip (attached)

Result:

bt

Program received signal SIGSEGV, Segmentation fault.
0x0000000000d84a84 in __memmove_avx_unaligned_erms ()
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
───────────────────────────────────────────────────────────────────────────────────[ REGISTERS ]────────────────────────────────────────────────────────────────────────────────────
 RAX  0x1100d60 ◂— 0x0
 RBX  0x400788 ◂— 0x0
 RCX  0x1100d68 ◂— 0x61 /* 'a' */
 RDX  0x8802ff8
 RDI  0x1100d60 ◂— 0x0
 RSI  0x1100d68 ◂— 0x61 /* 'a' */
 R8   0x4
 R9   0x1103bd0 ◂— 0x4e0
 R10  0x1104918 ◂— 0x0
 R11  0x11040e0 —▸ 0x11010c0 —▸ 0x1101010 —▸ 0x1100ec0 —▸ 0x1103180 ◂— ...
 R12  0xd0de10 (__libc_csu_fini) ◂— endbr64 
 R13  0x0
 R14  0x10aa018 (_GLOBAL_OFFSET_TABLE_+24) —▸ 0xd84910 (__memmove_avx_unaligned_erms) ◂— endbr64 
 R15  0x0
 RBP  0x7fffffff8620 —▸ 0x7fffffff8690 —▸ 0x7fffffff86e0 —▸ 0x7fffffff87b0 —▸ 0x7fffffff87d0 ◂— ...
 RSP  0x7fffffff85f8 —▸ 0x445aa6 (gf_list_rem+164) ◂— mov    rax, qword ptr [rbp - 0x18]
 RIP  0xd84a84 (__memmove_avx_unaligned_erms+372) ◂— vmovdqu ymm5, ymmword ptr [rsi + rdx - 0x20]
─────────────────────────────────────────────────────────────────────────────────────[ DISASM ]─────────────────────────────────────────────────────────────────────────────────────
 ► 0xd84a84 <__memmove_avx_unaligned_erms+372>    vmovdqu ymm5, ymmword ptr [rsi + rdx - 0x20]
   0xd84a8a <__memmove_avx_unaligned_erms+378>    vmovdqu ymm6, ymmword ptr [rsi + rdx - 0x40]
   0xd84a90 <__memmove_avx_unaligned_erms+384>    vmovdqu ymm7, ymmword ptr [rsi + rdx - 0x60]
   0xd84a96 <__memmove_avx_unaligned_erms+390>    vmovdqu ymm8, ymmword ptr [rsi + rdx - 0x80]
   0xd84a9c <__memmove_avx_unaligned_erms+396>    mov    r11, rdi
   0xd84a9f <__memmove_avx_unaligned_erms+399>    lea    rcx, [rdi + rdx - 0x20]
   0xd84aa4 <__memmove_avx_unaligned_erms+404>    mov    r8, rdi
   0xd84aa7 <__memmove_avx_unaligned_erms+407>    and    r8, 0x1f
   0xd84aab <__memmove_avx_unaligned_erms+411>    sub    r8, 0x20
   0xd84aaf <__memmove_avx_unaligned_erms+415>    sub    rsi, r8
   0xd84ab2 <__memmove_avx_unaligned_erms+418>    sub    rdi, r8
───────────────────────────────────────────────────────────────────────────────────[ BACKTRACE ]────────────────────────────────────────────────────────────────────────────────────
 ► f 0         0xd84a84 __memmove_avx_unaligned_erms+372
   f 1         0x445aa6 gf_list_rem+164
   f 2         0x56e0ea gf_bifs_flush_command_list+350
   f 3         0x56e3fb gf_bifs_decode_command_list+340
   f 4         0x6c0631 gf_sm_load_run_isom+1994
   f 5         0x6a45a1 gf_sm_load_run+46
   f 6         0x418161 dump_isom_scene+981
   f 7         0x415b12 mp4boxMain+6395
─────────────────────────────────────────────────────────
