CVE-2023-33718: Memory Leak in mp4file_io · Issue #37 · enzo1982/mp4v2

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp.

I found a memory leak error in mp4file_io.cpp:409 and mp4file_io.cpp:354; it seems that the data buffer allocated to store the string is not properly deallocated.

Environment

OS: Ubuntu 18.04.6 LTS
Compiler: gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

Compilation

autoreconf -i
CC=gcc CXX=g++ CFLAGS='-fsanitize=address -g' CXXFLAGS='-fsanitize=address -g' ./configure
make -j32

Command Line

POC

poc.zip

Report for POC_1

==6031==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7fda4cd07b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fda4c6b94ac in mp4v2::impl::MP4Malloc(unsigned long) src/mp4util.h:63
    #2 0x7fda4c745dd4 in mp4v2::impl::MP4File::ReadCountedString(unsigned char, bool, unsigned char) src/mp4file_io.cpp:409
    #3 0x7fda4c74d451 in mp4v2::impl::MP4StringProperty::Read(mp4v2::impl::MP4File&, unsigned int) src/mp4property.cpp:436
    #4 0x7fda4c709cc1 in mp4v2::impl::MP4Atom::ReadProperties(unsigned int, unsigned int) src/mp4atom.cpp:383
    #5 0x7fda4c709056 in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:237
    #6 0x7fda4c708ab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
    #7 0x7fda4c70a770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
    #8 0x7fda4c70907b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
    #9 0x7fda4c71a98f in mp4v2::impl::MP4File::ReadFromFile() src/mp4file.cpp:457
    #10 0x7fda4c717417 in mp4v2::impl::MP4File::Read(char const*, MP4FileProvider_s const*, MP4IOCallbacks_s const*, void*) src/mp4file.cpp:101
    #11 0x7fda4c6f33e6 in MP4ReadProvider src/mp4.cpp:105
    #12 0x7fda4c6f3389 in MP4Read src/mp4.cpp:92
    #13 0x7fda4c7493f8 in MP4FileInfo src/mp4info.cpp:621
    #14 0x5618d819197d in main util/mp4info.cpp:77
    #15 0x7fda4bbbec86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

Report for POC_2

==6046==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f4ade7c5f30 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef30)
    #1 0x7f4ade1737d9 in mp4v2::impl::MP4Realloc(void*, unsigned int) src/mp4util.h:87
    #2 0x7f4ade203918 in mp4v2::impl::MP4File::ReadString() src/mp4file_io.cpp:354
    #3 0x7f4ade20b562 in mp4v2::impl::MP4StringProperty::Read(mp4v2::impl::MP4File&, unsigned int) src/mp4property.cpp:443
    #4 0x7f4ade1c7cc1 in mp4v2::impl::MP4Atom::ReadProperties(unsigned int, unsigned int) src/mp4atom.cpp:383
    #5 0x7f4ade182132 in mp4v2::impl::MP4HdlrAtom::Read() src/atom_hdlr.cpp:79
    #6 0x7f4ade1c6ab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
    #7 0x7f4ade1c8770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
    #8 0x7f4ade1c707b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
    #9 0x7f4ade1c6ab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
    #10 0x7f4ade1c8770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
    #11 0x7f4ade1c707b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
    #12 0x7f4ade1c6ab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
    #13 0x7f4ade1c8770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
    #14 0x7f4ade1c707b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
    #15 0x7f4ade1c6ab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
    #16 0x7f4ade1c8770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
    #17 0x7f4ade1c707b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
    #18 0x7f4ade1d898f in mp4v2::impl::MP4File::ReadFromFile() src/mp4file.cpp:457
    #19 0x7f4ade1d5417 in mp4v2::impl::MP4File::Read(char const*, MP4FileProvider_s const*, MP4IOCallbacks_s const*, void*) src/mp4file.cpp:101
    #20 0x7f4ade1b13e6 in MP4ReadProvider src/mp4.cpp:105
    #21 0x7f4ade1b1389 in MP4Read src/mp4.cpp:92
    #22 0x7f4ade2073f8 in MP4FileInfo src/mp4info.cpp:621
    #23 0x55c425fe597d in main util/mp4info.cpp:77
    #24 0x7f4add67cc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 256 byte(s) leaked in 1 allocation(s).
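
Added example (not part of the original issue or of the mp4v2 project): a Python triage script that parses LeakSanitizer reports like the two above and groups leaks by the first frame that is not an allocator, which is how the two source lines named in the report fall out of the traces. The wrapper list and all function names in the script are assumptions made for this example; the sample input is the top three frames of each report.

```python
import re

# Constructed input: the top frames of the two reports on this page.
POC_1 = """Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7fda4cd07b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7fda4c6b94ac in mp4v2::impl::MP4Malloc(unsigned long) src/mp4util.h:63
    #2 0x7fda4c745dd4 in mp4v2::impl::MP4File::ReadCountedString(unsigned char, bool, unsigned char) src/mp4file_io.cpp:409"""
POC_2 = """Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f4ade7c5f30 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef30)
    #1 0x7f4ade1737d9 in mp4v2::impl::MP4Realloc(void*, unsigned int) src/mp4util.h:87
    #2 0x7f4ade203918 in mp4v2::impl::MP4File::ReadString() src/mp4file_io.cpp:354"""

LEAK = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
# "#N 0xADDR in <function, may contain spaces> <file:line or (module+offset)>"
FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(.+)\s+(\S+)$")
# Assumption: allocator frames to skip, taken from the traces above.
WRAPPERS = {"malloc", "realloc", "MP4Malloc", "MP4Realloc"}

def parse_leaks(report):
    # One dict per "leak of N byte(s)" record, with its stack frames in order.
    leaks, current = [], None
    for line in report.splitlines():
        m = LEAK.match(line.strip())
        if m:
            current = {"kind": m.group(1), "bytes": int(m.group(2)),
                       "objects": int(m.group(3)), "frames": []}
            leaks.append(current)
            continue
        f = FRAME.match(line)
        if f and current is not None:
            current["frames"].append((f.group(2), f.group(3)))
    return leaks

def is_wrapper(func):
    # Drop the argument list and namespaces, then compare the bare name.
    name = func.split("(")[0].split("::")[-1]
    return name.startswith("__interceptor_") or name in WRAPPERS

def allocation_site(leak):
    # First non-allocator frame: the code that owns the leaked buffer.
    for func, loc in leak["frames"]:
        if not is_wrapper(func):
            return func.split("(")[0], loc
    return None

def bucket(reports):
    # Group leaks by allocation site and sum the leaked bytes per site.
    totals = {}
    for report in reports:
        for leak in parse_leaks(report):
            site = allocation_site(leak)
            totals[site] = totals.get(site, 0) + leak["bytes"]
    return totals
```

Bucketing by allocation site rather than by the full stack keeps many fuzzer inputs that reach the same allocation from being filed as separate findings.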
