CVE-2023-33720: Memory Leak in MP4BytesProperty · Issue #36 · enzo1982/mp4v2

mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.

I found a memory leak error in mp4property.cpp:533; it seems that the value of the member variable count is inconsistent.

Environment

OS: Ubuntu 18.04.6 LTS
Compiler: gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

Compilation

autoreconf -i
CC=gcc CXX=g++ CFLAGS='-fsanitize=address -g' CXXFLAGS='-fsanitize=address -g' ./configure
make -j32

Command Line

./mp4info poc_BytesProperty.mp4

POC

poc_BytesProperty.mp4.zip

Report

/home/poc/mp4v2/.libs/mp4info version 2.1.2
/home/poc/poc_BytesProperty.mp4:
ReadAtom: "/home/poc/poc_BytesProperty.mp4": invalid atom size, extends outside parent atom - skipping to end of "" "moov" 11495 vs 896
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
Read: "/home/poc/poc_BytesProperty.mp4": Descriptor 0x10 has more than one instance
ReadProperties: atom 'iods' is too small; overrun at property:  (src/mp4atom.cpp,392)
/home/poc/mp4v2/.libs/mp4info: can't open /home/poc/poc_BytesProperty.mp4

=================================================================
==13934==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 3 byte(s) in 1 object(s) allocated from:
    #0 0x7f338562db40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f3384fdf4ac in mp4v2::impl::MP4Malloc(unsigned long) src/mp4util.h:63
    #2 0x7f3384ff0d89 in mp4v2::impl::MP4Calloc(unsigned long) src/mp4util.h:72
    #3 0x7f338507432f in mp4v2::impl::MP4BytesProperty::MP4BytesProperty(mp4v2::impl::MP4Atom&, char const*, unsigned int, unsigned int) src/mp4property.cpp:533
    #4 0x7f33850945b7 in mp4v2::impl::MP4CreatorDescriptor::MP4CreatorDescriptor(mp4v2::impl::MP4Atom&, unsigned char) src/ocidescriptors.cpp:202
    #5 0x7f3385095061 in mp4v2::impl::CreateOCIDescriptor(mp4v2::impl::MP4Atom&, unsigned char) src/ocidescriptors.cpp:296
    #6 0x7f338500bd3a in mp4v2::impl::MP4DescriptorProperty::CreateDescriptor(mp4v2::impl::MP4Atom&, unsigned char) src/descriptors.cpp:602
    #7 0x7f33850790f5 in mp4v2::impl::MP4DescriptorProperty::AddDescriptor(unsigned char) src/mp4property.cpp:904
    #8 0x7f3385079fa8 in mp4v2::impl::MP4DescriptorProperty::Read(mp4v2::impl::MP4File&, unsigned int) src/mp4property.cpp:1019
    #9 0x7f338503bfbf in mp4v2::impl::MP4Descriptor::ReadProperties(mp4v2::impl::MP4File&, unsigned int, unsigned int) src/mp4descriptor.cpp:122
    #10 0x7f338503b77e in mp4v2::impl::MP4Descriptor::Read(mp4v2::impl::MP4File&) src/mp4descriptor.cpp:80
    #11 0x7f338507a01a in mp4v2::impl::MP4DescriptorProperty::Read(mp4v2::impl::MP4File&, unsigned int) src/mp4property.cpp:1021
    #12 0x7f338502fcc1 in mp4v2::impl::MP4Atom::ReadProperties(unsigned int, unsigned int) src/mp4atom.cpp:383
    #13 0x7f338502f056 in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:237
    #14 0x7f338502eab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
    #15 0x7f3385030770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
    #16 0x7f338502f07b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
    #17 0x7f338502eab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
    #18 0x7f3385030770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
    #19 0x7f338502f07b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
    #20 0x7f338504098f in mp4v2::impl::MP4File::ReadFromFile() src/mp4file.cpp:457
    #21 0x7f338503d417 in mp4v2::impl::MP4File::Read(char const*, MP4FileProvider_s const*, MP4IOCallbacks_s const*, void*) src/mp4file.cpp:101
    #22 0x7f33850193e6 in MP4ReadProvider src/mp4.cpp:105
    #23 0x7f3385019389 in MP4Read src/mp4.cpp:92
    #24 0x7f338506f3f8 in MP4FileInfo src/mp4info.cpp:621
    #25 0x5597552bf97d in main util/mp4info.cpp:77
    #26 0x7f33844e4c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 3 byte(s) leaked in 1 allocation(s).
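
The reporter's remark that count looks inconsistent can be modelled as below. This is an added example, not mp4v2 source and not part of the issue: it assumes a destructor that frees only the first count buffers, and the class names, the SetCount call and the tracking helpers are all hypothetical.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdlib>
#include <vector>
// Constructed model, not mp4v2 source: every name below is hypothetical.
static std::vector<uint8_t*> g_live;  // buffers allocated and not yet freed
static uint8_t* TrackedCalloc(size_t n) {
    g_live.push_back(static_cast<uint8_t*>(calloc(n, 1)));
    return g_live.back();
}
static void TrackedFree(uint8_t* p) {
    auto it = std::find(g_live.begin(), g_live.end(), p);
    if (it != g_live.end()) { g_live.erase(it); free(p); }
}
static int DrainLive() {  // count buffers that outlived their owner, then release them
    int n = static_cast<int>(g_live.size());
    while (!g_live.empty()) TrackedFree(g_live.back());
    return n;
}

// Leaky: the destructor trusts a count field that can drift from the buffers.
class CountedBytes {
public:
    explicit CountedBytes(size_t size) : m_count(1), m_values(1) { m_values[0] = TrackedCalloc(size); }
    void SetCount(uint32_t c) { m_count = c; }  // count changes, buffers do not
    ~CountedBytes() {
        for (uint32_t i = 0; i < m_count && i < m_values.size(); ++i) TrackedFree(m_values[i]);
    }
private:
    uint32_t m_count;
    std::vector<uint8_t*> m_values;
};

// Hardened: shrinking frees the dropped buffers; the destructor frees what is held.
class OwnedBytes {
public:
    explicit OwnedBytes(size_t size) : m_values(1) { m_values[0] = TrackedCalloc(size); }
    void SetCount(uint32_t c) {
        for (size_t i = c; i < m_values.size(); ++i) TrackedFree(m_values[i]);
        m_values.resize(c, nullptr);
    }
    ~OwnedBytes() { for (uint8_t* p : m_values) TrackedFree(p); }
private:
    std::vector<uint8_t*> m_values;
};
// Each helper models a parse that resets the count and then bails out.
int LiveAfterLeaky() { { CountedBytes p(3); p.SetCount(0); } return DrainLive(); }
int LiveAfterOwned() { { OwnedBytes p(3); p.SetCount(0); } return DrainLive(); }
int main() { return (LiveAfterLeaky() == 1 && LiveAfterOwned() == 0) ? 0 : 1; }
```

In the leaky variant the single 3-byte buffer survives the object, which is the shape of the "3 byte(s) in 1 object(s)" finding in the report above.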
