Headline
CVE-2022-47088: Another Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c · Issue #2340 · gpac/gpac
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
while (nb_ctb_left >= uni_size_ctb) { nb_ctb_left -= uni_size_ctb; pps->tile_cols_width_ctb[pps->num_tile_cols] = uni_size_ctb; // when pps->num_tile_cols == 30, overflow at pps->tile_cols_width_ctb pps->num_tile_cols++; }
MP4Box - GPAC version 2.1-DEV-rev574-g9d5bb184b-master
(c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --enable-sanitizer
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
./configure --enable-sanitizer
make
./MP4Box import -add poc_bof3.mp4
[Core] exp-golomb read failed, not enough bits in bitstream !
[VVC] Warning: Error parsing NAL unit
[Core] exp-golomb read failed, not enough bits in bitstream !
media_tools/av_parsers.c:10964:28: runtime error: index 30 out of bounds for type 'u32 [30]'
Related news
Gentoo Linux Security Advisory 202408-21
Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.