CVE-2022-40884: CVE/CVE-2022-40884.md at main · yangfar/CVE
Bento4 1.6.0 has memory leaks via mp4fragment.
CVE-2022-40884
I used AFL for fuzzing and got some crashes.
The details follow.
==3780==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x4c470d in operator new(unsigned long) (/home/hjsz/Bento4/cmakebuild/mp4fragment+0x4c470d)
    #1 0x653b06 in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) /home/hjsz/Bento4/Source/C++/System/StdC/Ap4StdCFileByteStream.cpp:279:14
SUMMARY: AddressSanitizer: 48 byte(s) leaked in 1 allocation(s).
crash
Command
- ./mp4fragment ./POC
Environment
Ubuntu 20.04
Clang 10.0.1
Bento4 Version 1.6.0.0
MP4 Fragmenter - Version 1.7.0