CVE-2022-41846: Allocate for large amounts of memory failed in Ap4DataBuffer.cpp:210 at Bento4 1.5.1-627 when running mp42hls · Issue #342 · axiomatic-systems/Bento4

An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.

A crafted input will lead to a memory allocation failure in Ap4DataBuffer.cpp in Bento4 1.5.1-627.

Triggered by
./mp42hls crash2.mp4

Poc
crash2.zip

Bento4 Version 1.5.1-627
The ASAN information is as follows:

==92387==ERROR: AddressSanitizer failed to allocate 0x80003000 (2147495936) bytes of LargeMmapAllocator (errno: 12)
==92387==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:121 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
    #0 0x7fe344d7c631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7fe344d815e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7fe344d89611  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xad611)
    #3 0x7fe344cfec0c  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22c0c)
    #4 0x7fe344d7567e in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9967e)
    #5 0x4abb54 in AP4_DataBuffer::ReallocateBuffer(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DataBuffer.cpp:210
    #6 0x4abb54 in AP4_DataBuffer::SetDataSize(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DataBuffer.cpp:151
    #7 0x48ba72 in AP4_Sample::ReadData(AP4_DataBuffer&, unsigned int, unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4Sample.cpp:147
    #8 0x48ba72 in AP4_Sample::ReadData(AP4_DataBuffer&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4Sample.cpp:127
    #9 0x4449dd in ReadSample /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp:976
    #10 0x4485af in WriteSamples /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp:1251
    #11 0x4412a0 in main /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp:2088
    #12 0x7fe34439a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x4445b8 in _start (/home/jas/Downloads/Bento4-SRC-1-5-1-627/cmakebuild/mp42hls+0x4445b8)

FoundBy: [email protected]
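
The trace above shows a request of about 2 GiB reaching operator new[] through AP4_Sample::ReadData, SetDataSize and ReallocateBuffer. The following added example (not code from the issue or from Bento4) models the defensive check for that pattern: bound a declared sample size against a cap and the real stream length before allocating. It assumes the size comes from a field in the crafted file; ByteStream, SampleRef, read_sample and kMaxSampleSize are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <vector>

// Hypothetical, simplified stand-ins; these are not Bento4 classes.
struct ByteStream {
    const std::vector<uint8_t>& data;  // backing file contents
    uint64_t size() const { return data.size(); }
};

struct SampleRef {
    uint64_t offset;  // where the container says the sample starts
    uint32_t size;    // declared sample size, taken from untrusted input
};

enum class ReadResult { Ok, OutOfRange, TooLarge, OutOfMemory };

// Assumed policy cap for a single sample; tune for the media you accept.
constexpr uint32_t kMaxSampleSize = 64u * 1024u * 1024u;

// Validate the declared size against the cap and the actual stream length
// before any allocation, so an oversized declaration is rejected cheaply.
ReadResult read_sample(const ByteStream& s, const SampleRef& ref,
                       std::vector<uint8_t>& out) {
    if (ref.size > kMaxSampleSize) return ReadResult::TooLarge;
    // Two comparisons instead of offset + size, so the sum cannot wrap.
    if (ref.offset > s.size() || ref.size > s.size() - ref.offset)
        return ReadResult::OutOfRange;
    const auto first = s.data.begin() + static_cast<std::ptrdiff_t>(ref.offset);
    try {
        out.assign(first, first + static_cast<std::ptrdiff_t>(ref.size));
    } catch (const std::bad_alloc&) {
        return ReadResult::OutOfMemory;  // fail this read, not the process
    }
    return ReadResult::Ok;
}
```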
