Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-47656: buffer overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273 · Issue #2353 · gpac/gpac

GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273

CVE
#linux#js#buffer_overflow#ssl

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

buffer overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273

MP4Box - GPAC version 2.1-DEV-rev617-g85ce76efd-master
(c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
    GPAC Filters: https://doi.org/10.1145/3339825.3394929
    GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D


./configure --enable-sanitizer
make
./MP4Box import -cat poc_bof9.mp4


[HEVC] Error parsing NAL unit type 33
[HEVC] Error parsing Sequence Param Set
[HEVC] Error parsing NAL unit type 33
[HEVC] Error parsing Sequence Param Set
media_tools/av_parsers.c:8273:32: runtime error: index 159 out of bounds for type 'HEVC_RepFormat [16]'

Related news

Gentoo Linux Security Advisory 202408-21

Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907