CVE-2022-40774: SEGV at AP4_StszAtom::GetSampleSize(unsigned int, unsigned int&) in binary mp42ts · Issue #757 · axiomatic-systems/Bento4

An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.

Hi there,
I tested the binary mp42ts with my fuzzer, and a crash occurred, i.e., a SEGV on an unknown address error. Here are the details:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==6287==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007021ab bp 0x7fff9e86cb50 sp 0x7fff9e86c5f0 T0)
==6287==The signal is caused by a READ memory access.
==6287==Hint: address points to the zero page.
    #0 0x7021ab in AP4_StszAtom::GetSampleSize(unsigned int, unsigned int&) (/fuzztest/mp42ts/mp42ts+0x7021ab)
    #1 0x5754fc in AP4_AtomSampleTable::GetSample(unsigned int, AP4_Sample&) (/fuzztest/mp42ts/mp42ts+0x5754fc)
    #2 0x40d0cb in TrackSampleReader::ReadSample(AP4_Sample&, AP4_DataBuffer&) (/fuzztest/mp42ts/mp42ts+0x40d0cb)
    #3 0x418342 in main (/fuzztest/mp42ts/mp42ts+0x418342)
    #4 0x7f9ae1a41c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #5 0x407c99 in _start (/fuzztest/mp42ts/mp42ts+0x407c99)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/fuzztest/mp42ts/mp42ts+0x7021ab) in AP4_StszAtom::GetSampleSize(unsigned int, unsigned int&)
==6287==ABORTING

System Details

Test Machine: Ubuntu 18.04 (docker)
Project Name: mp42ts (Bento4-1.6.0-639)

Command

./mp42ts mp42ts.demo /dev/null

PoC

mp42ts_Poc.zip

Credit

plcici (NCNIPC)
Han Zheng (NCNIPC, Hexhive)
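The report above is the kind of output a fuzzing pipeline has to bucket before anyone looks at it. The helper below is an added example, not Bento4 code and not part of the reporter's issue: it parses an AddressSanitizer report into the fields triage keys on (error kind, faulting address, access type, the first frame that belongs to the program rather than the C runtime) and derives a signature for de-duplicating crashes. The sample input is a constructed copy of the report from this issue. The classification rule (a SEGV on the zero page, or at any address below 0x1000, is treated as a NULL pointer dereference) and the list of runtime frames to skip are this example's own heuristics, not something the page or ASan defines.

```python
"""Triage helper for AddressSanitizer crash reports (added example; not Bento4 code)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: a copy of the report from the issue above.
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==6287==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007021ab bp 0x7fff9e86cb50 sp 0x7fff9e86c5f0 T0)
==6287==The signal is caused by a READ memory access.
==6287==Hint: address points to the zero page.
    #0 0x7021ab in AP4_StszAtom::GetSampleSize(unsigned int, unsigned int&) (/fuzztest/mp42ts/mp42ts+0x7021ab)
    #1 0x5754fc in AP4_AtomSampleTable::GetSample(unsigned int, AP4_Sample&) (/fuzztest/mp42ts/mp42ts+0x5754fc)
    #2 0x40d0cb in TrackSampleReader::ReadSample(AP4_Sample&, AP4_DataBuffer&) (/fuzztest/mp42ts/mp42ts+0x40d0cb)
    #3 0x418342 in main (/fuzztest/mp42ts/mp42ts+0x418342)
    #4 0x7f9ae1a41c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #5 0x407c99 in _start (/fuzztest/mp42ts/mp42ts+0x407c99)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/fuzztest/mp42ts/mp42ts+0x7021ab) in AP4_StszAtom::GetSampleSize(unsigned int, unsigned int&)
==6287==ABORTING
"""

# "SEGV on unknown address 0x..." and "heap-buffer-overflow on address 0x..." both match.
ERROR_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
SIGNAL_ACCESS_RE = re.compile(r"The signal is caused by a (READ|WRITE) memory access")
SIZED_ACCESS_RE = re.compile(r"^==\d+==(READ|WRITE) of size \d+ at")
# Function names may themselves contain parentheses, so the module part is anchored at end of line.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+(0x[0-9a-fA-F]+)\s+in\s+(.*?)\s+\((\S+)\+(0x[0-9a-fA-F]+)\)\s*$")

# Heuristic (this example's assumption): frames belonging to the C runtime or the sanitizer
# are skipped when picking the frame that identifies the bug.
RUNTIME_FUNCTIONS = {"_start", "__libc_start_main", "__libc_start_call_main"}
RUNTIME_MODULE_MARKERS = ("libc.so", "libc-", "libclang_rt", "libasan")


@dataclass
class Frame:
    index: int
    pc: int
    function: str
    module: str
    offset: int


@dataclass
class Triage:
    pid: int
    kind: str
    address: int
    access: str
    classification: str
    frames: list = field(default_factory=list)

    @property
    def top_frame(self):
        """First frame that is in the program under test, not in libc or the sanitizer runtime."""
        for f in self.frames:
            module_name = f.module.rsplit("/", 1)[-1]
            if f.function in RUNTIME_FUNCTIONS:
                continue
            if any(marker in module_name for marker in RUNTIME_MODULE_MARKERS):
                continue
            return f
        return self.frames[0] if self.frames else None

    @property
    def signature(self):
        """Bucketing key: same classification, access type and top frame => same crash."""
        top = self.top_frame
        return f"{self.classification}|{self.access}|{top.function if top else '<no frame>'}"


def classify(kind, address, zero_page_hint):
    # Heuristic: a fault on the lowest page is a NULL (or NULL-plus-small-offset) dereference.
    if kind == "SEGV":
        if zero_page_hint or address < 0x1000:
            return "null-pointer-dereference"
        return "wild-pointer-access"
    return kind


def parse_asan_report(text):
    pid = kind = address = None
    access = "UNKNOWN"
    zero_page = False
    frames = []
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m and pid is None:
            pid, kind, address = int(m.group(1)), m.group(2), int(m.group(3), 16)
            continue
        m = SIGNAL_ACCESS_RE.search(line) or SIZED_ACCESS_RE.match(line)
        if m:
            access = m.group(1)
            continue
        if "address points to the zero page" in line:
            zero_page = True
            continue
        m = FRAME_RE.match(line)
        if m:
            if frames and int(m.group(1)) == 0:
                break  # a second "#0" begins an allocation/free trace; keep only the crash trace
            frames.append(Frame(int(m.group(1)), int(m.group(2), 16), m.group(3),
                                m.group(4), int(m.group(5), 16)))
    if pid is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    return Triage(pid, kind, address, access, classify(kind, address, zero_page), frames)


if __name__ == "__main__":
    t = parse_asan_report(SAMPLE_REPORT)
    print(t.signature)
    print(f"pid={t.pid} kind={t.kind} addr={t.address:#x} top={t.top_frame.module}+{t.top_frame.offset:#x}")
```

Run stand-alone, the script prints the signature for this issue's report, `null-pointer-dereference|READ|AP4_StszAtom::GetSampleSize(unsigned int, unsigned int&)`, and the module-relative offset of the faulting frame, which is the stable key to compare against other fuzzer crashes in the same build and to check whether a patched build still reproduces the same bucket.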