
CVE-2021-41458: SEGV on unknown address in MP4Box at src/utils/error.c:1769 in gf_blob_get · Issue #1910 · gpac/gpac

In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.


Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

  • I looked for a similar issue and couldn’t find any.
  • I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
  • I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line …).

Steps to reproduce:

1. get latest commit code (GPAC version 1.1.0-DEV-rev1216-gb39aa09c0-master)
2. compile with --enable-sanitizer
3. run MP4Box -add poc.nhml -new new.mp4

Env:
Ubuntu 20.04, clang 12.0.1

ASAN report
poc.zip

AddressSanitizer:DEADLYSIGNAL
=================================================================
==344428==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7fcb7d118779 bp 0x7ffe1832c550 sp 0x7ffe1832c480 T0)
==344428==The signal is caused by a READ memory access.
==344428==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x7fcb7d118779 in gf_blob_get /home/lly/pro/gpac_asan/src/utils/error.c:1769:12
    #1 0x7fcb7d0eb2ea in gf_fileio_from_blob /home/lly/pro/gpac_asan/src/utils/os_file.c:1287:13
    #2 0x7fcb7d0eb2ea in gf_fopen_ex /home/lly/pro/gpac_asan/src/utils/os_file.c:1314:14
    #3 0x7fcb7dc90328 in nhmldmx_send_sample /home/lly/pro/gpac_asan/src/filters/dmx_nhml.c:1101:9
    #4 0x7fcb7dc90328 in nhmldmx_process /home/lly/pro/gpac_asan/src/filters/dmx_nhml.c:1341:7
    #5 0x7fcb7dbbc997 in gf_filter_process_task /home/lly/pro/gpac_asan/src/filter_core/filter.c:2441:7
    #6 0x7fcb7db9e965 in gf_fs_thread_proc /home/lly/pro/gpac_asan/src/filter_core/filter_session.c:1664:3
    #7 0x7fcb7db9de60 in gf_fs_run /home/lly/pro/gpac_asan/src/filter_core/filter_session.c:1901:2
    #8 0x7fcb7d6bf708 in gf_media_import /home/lly/pro/gpac_asan/src/media_tools/media_import.c:1486:2
    #9 0x526ea9 in import_file /home/lly/pro/gpac_asan/applications/mp4box/fileimport.c:1289:7
    #10 0x4eb996 in do_add_cat /home/lly/pro/gpac_asan/applications/mp4box/main.c:4257:10
    #11 0x4e7d46 in mp4boxMain /home/lly/pro/gpac_asan/applications/mp4box/main.c:5746:13
    #12 0x7fcb7c9400b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #13 0x429a4d in _start (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x429a4d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lly/pro/gpac_asan/src/utils/error.c:1769:12 in gf_blob_get
==344428==ABORTING

Related news

Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.
