CVE-2023-46928: SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42 · Issue #2661 · gpac/gpac

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.


SEGV in MP4Box

Description

SEGV in gpac/MP4Box.

#0 0x7ffff6798224 in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42

Version

MP4Box - GPAC version 2.3-DEV-rev605-gfc9e29089-master © 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_FFMPEG GPAC_HAS_VORBIS GPAC_HAS_LINUX_DVB

ASAN Log

./MP4Box -add self:svcmode=splitbase:negctts:compat=15 poc3gpac

AddressSanitizer:DEADLYSIGNAL

==3037861==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000002 (pc 0x7ffff6798224 bp 0x00000000000f sp 0x7ffffffec1c0 T0)
==3037861==The signal is caused by a WRITE memory access.
==3037861==Hint: address points to the zero page.
    #0 0x7ffff6798224 in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42
    #1 0x54edae in import_file /afltest/gpac/applications/mp4box/fileimport.c:1767:8
    #2 0x4f7d1e in do_add_cat /afltest/gpac/applications/mp4box/mp4box.c
    #3 0x4f7d1e in mp4box_main /afltest/gpac/applications/mp4box/mp4box.c:6196:13
    #4 0x7ffff58cc082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/…/csu/libc-start.c:308:16
    #5 0x42adad in _start (/afltest/gpac/bin/gcc/MP4Box+0x42adad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /afltest/gpac/src/media_tools/isom_tools.c:3293:42 in gf_media_change_pl
==3037861==ABORTING

Reproduction

git clone https://github.com/gpac/gpac.git
cd gpac
./configure --enable-sanitizer
make -j24

./bin/gcc/MP4Box -add self:svcmode=splitbase:negctts:compat=15 poc3gpac

PoC

poc3gpac: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/poc3gpac

Impact

This vulnerability is capable of causing crashes.

Reference

https://github.com/gpac/gpac

Environment

ubuntu:20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
clang version 10.0.0-4ubuntu1
afl-cc++4.09

Credit

Zeng Yunxiang

Song Jiaxuan
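
For triage and crash deduplication, the ASAN report in this issue can be parsed mechanically. The following Python is an added example, not part of the original issue or of the GPAC project; the `triage` function, the bucket key format and the 4 KiB page-size threshold are assumptions of this example, and the log lines are the first lines of the report above.

```python
import re

# Header and first three frames of the ASAN report quoted in the issue above.
ASAN_LOG = """\
==3037861==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000002 (pc 0x7ffff6798224 bp 0x00000000000f sp 0x7ffffffec1c0 T0)
==3037861==The signal is caused by a WRITE memory access.
==3037861==Hint: address points to the zero page.
    #0 0x7ffff6798224 in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42
    #1 0x54edae in import_file /afltest/gpac/applications/mp4box/fileimport.c:1767:8
    #2 0x4f7d1e in do_add_cat /afltest/gpac/applications/mp4box/mp4box.c
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-fA-F]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# Frame line: "#N 0xPC in function path[:line[:column]]"; line/column may be absent.
FRAME = re.compile(r"#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+?)(?::(\d+))?(?::(\d+))?$")
PAGE_SIZE = 4096  # assumption: 4 KiB pages, with the first page left unmapped


def triage(log):
    """Summarise one ASAN SEGV report; return None when the text holds no report."""
    header = HEADER.search(log)
    if not header:
        return None
    addr = int(header.group(2), 16)
    access = ACCESS.search(log)
    kind = access.group(1) if access else "UNKNOWN"
    frames = []
    for line in log.splitlines():
        m = FRAME.search(line.strip())
        if m:
            frames.append((m.group(2), m.group(3), int(m.group(4)) if m.group(4) else None))
    return {
        "signal": header.group(1),
        "address": addr,
        "access": kind,
        # A fault inside the first page is a NULL pointer plus a small offset,
        # e.g. a store to a field of a structure pointer that was never set.
        "near_null": addr < PAGE_SIZE,
        "top_frame": frames[0] if frames else None,
        # Dedup key: signal, access type and the three innermost functions.
        "bucket": "|".join([header.group(1), kind] + [f[0] for f in frames[:3]]),
    }
```

For this report the result marks a WRITE at offset 2 from NULL in `gf_media_change_pl`, which matches the crash-only impact stated in the issue.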
