Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-41419: Detected memory leaks in mp4encrypt · Issue #766 · axiomatic-systems/Bento4

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.

CVE
#ubuntu#linux#c++#docker#ssl

Summary

Hi, developers of Bento4:
I tested the binary mp4encrypt with my fuzzer, and a crash incurred, i.e., memory leaks error. The version of Bento4 is the latest (the newest master branch) and the operation system is Ubuntu 18.04.6 LTS (docker). The following is the details.

Details

root@c08635047aea:/fuzz-mp4encrypt/mp4encrypt# ./mp4encrypt --method MARLIN-IPMP-ACBC ../out/crashes/id\:000007\,sig\:06\,src\:000001\,op\:flip1\,pos\:14136\,934837 /dev/null
WARNING: track ID 1 will not be encrypted
WARNING: atom serialized to fewer bytes than declared size

=================================================================
==3055140==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 104 byte(s) in 1 object(s) allocated from:
    #0 0x9a1c90 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fda31f4c297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x64923f in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x64923f)
    #3 0x42128c in main (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x42128c)
    #4 0x7fda31110c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 3328 byte(s) in 2 object(s) allocated from:
    #0 0x9a1c90 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fda31f4c297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x5b2921 in AP4_MarlinIpmpEncryptingProcessor::Initialize(AP4_AtomParent&, AP4_ByteStream&, AP4_Processor::ProgressListener*) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x5b2921)
    #3 0x64923f in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x64923f)
    #4 0x42128c in main (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x42128c)
    #5 0x7fda31110c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
    #0 0x9a1c90 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fda31f4c297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x8b62f9 in AP4_Expandable::Write(AP4_ByteStream&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x8b62f9)
    #3 0x5b2540 in AP4_MarlinIpmpEncryptingProcessor::Initialize(AP4_AtomParent&, AP4_ByteStream&, AP4_Processor::ProgressListener*) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x5b2540)
    #4 0x64923f in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x64923f)
    #5 0x42128c in main (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x42128c)
    #6 0x7fda31110c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 224 byte(s) in 5 object(s) allocated from:
    #0 0x9a1c90 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fda31f4c297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x64923f in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x64923f)
    #3 0x42128c in main (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x42128c)
    #4 0x7fda31110c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 4680 byte(s) leaked in 9 allocation(s).

POC

mp4encrypt_poc1.zip

Environment

Ubuntu 18.04.6 LTS (docker)
clang 12.0.1
clang++ 12.0.1
Bento4 master branch(5b7cc25) && Bento4 release version(1.6.0-639)

Credit

Xudong Cao (NCNIPC of China)
Han Zheng (NCNIPC of China, Hexhive)

Thank you for your time!

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907