Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-23928: A heap-buffer-overflow in box_code_adobe.c:124 · Issue #1568 · gpac/gpac

An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.

CVE
Open in Source
#linux#c++

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --static-mp4box

=================================================================
==24631==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000e114 at pc 0x7f2a609a93d5 bp 0x7ffe7daf8840 sp 0x7ffe7daf7fe8
READ of size 5 at 0x60200000e114 thread T0
    #0 0x7f2a609a93d4 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x623d4)
    #1 0x55979e0874b7 in abst_box_read isomedia/box_code_adobe.c:124
    #2 0x55979de76b64 in gf_isom_box_read isomedia/box_funcs.c:1681
    #3 0x55979de76b64 in gf_isom_box_parse_ex isomedia/box_funcs.c:259
    #4 0x55979de78041 in gf_isom_parse_root_box isomedia/box_funcs.c:38
    #5 0x55979deaf6f5 in gf_isom_parse_movie_boxes isomedia/isom_intern.c:259
    #6 0x55979deba951 in gf_isom_parse_movie_boxes isomedia/isom_intern.c:247
    #7 0x55979deba951 in gf_isom_open_file isomedia/isom_intern.c:740
    #8 0x55979d7e47e3 in mp4boxMain /home/seviezhou/gpac/applications/mp4box/main.c:5331
    #9 0x7f2a5f973b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #10 0x55979d7b5f09 in _start (/home/seviezhou/gpac/bin/gcc/MP4Box+0x27ff09)

0x60200000e114 is located 0 bytes to the right of 4-byte region [0x60200000e110,0x60200000e114)
allocated by thread T0 here:
    #0 0x7f2a609df612 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98612)
    #1 0x55979e0853a9 in abst_box_read isomedia/box_code_adobe.c:97

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 strdup
Shadow bytes around the buggy address:
  0x0c047fff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 02 fa
=>0x0c047fff9c20: fa fa[04]fa fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c047fff9c30: fa fa 00 00 fa fa 00 00 fa fa fd fa fa fa 00 fa
  0x0c047fff9c40: fa fa 00 00 fa fa 00 00 fa fa 00 07 fa fa fd fa
  0x0c047fff9c50: fa fa 00 02 fa fa 04 fa fa fa fd fa fa fa 07 fa
  0x0c047fff9c60: fa fa fd fa fa fa 05 fa fa fa fd fa fa fa 00 fa
  0x0c047fff9c70: fa fa fd fa fa fa 07 fa fa fa fd fa fa fa 07 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==24631==ABORTING

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE