
CVE-2023-46930: SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14 · Issue #2666 · gpac/gpac

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.


SEGV in MP4Box

Description

SEGV in gpac/MP4Box.

#0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14

Version

MP4Box - GPAC version 2.3-DEV-rev605-gfc9e29089-master
© 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
    GPAC Filters: https://doi.org/10.1145/3339825.3394929
    GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_FFMPEG GPAC_HAS_VORBIS GPAC_HAS_LINUX_DVB

ASAN Log

./MP4Box -def -saf -unhint -ocr -out /dev/null poc5gpac

AddressSanitizer:DEADLYSIGNAL

==3351432==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002c (pc 0x7ffff6697edd bp 0x7ffffffe65f0 sp 0x7ffffffe6420 T0)
==3351432==The signal is caused by a READ memory access.
==3351432==Hint: address points to the zero page.
    #0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14
    #1 0x7ffff6910e8e in gf_media_export_saf /afltest/gpac/src/media_tools/media_export.c:851:16
    #2 0x7ffff69121c1 in gf_media_export /afltest/gpac/src/media_tools/media_export.c:1391:49
    #3 0x4fe755 in mp4box_main /afltest/gpac/applications/mp4box/mp4box.c:6577:7
    #4 0x7ffff58cc082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/…/csu/libc-start.c:308:16
    #5 0x42adad in _start (/afltest/gpac/bin/gcc/MP4Box+0x42adad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /afltest/gpac/src/isomedia/media_odf.c:522:14 in gf_isom_find_od_id_for_track
==3351432==ABORTING

Reproduction

git clone https://github.com/gpac/gpac.git
cd gpac
./configure --enable-sanitizer
make -j24

./bin/gcc/MP4Box -def -saf -unhint -ocr -out /dev/null poc5gpac

PoC

poc5gpac: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/poc5gpac

Impact

This vulnerability is capable of causing crashes.

Reference

https://github.com/gpac/gpac

Environment

ubuntu:20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
clang version 10.0.0-4ubuntu1
afl-cc++4.09

Credit

Zeng Yunxiang

Song Jiaxuan
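
An added triage example, not part of the original report or of GPAC's code: a small Python parser that reads the ASAN log above and classifies the crash so that fuzzer findings can be deduplicated. The 4096-byte threshold, the result field names and the bucket key format are assumptions; a fault address of 0x2c inside the zero page is consistent with a field read through a NULL pointer.

```python
import re

# Log lines copied from the ASAN report above (frames #3-#5 omitted for brevity).
ASAN_LOG = """\
==3351432==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002c (pc 0x7ffff6697edd bp 0x7ffffffe65f0 sp 0x7ffffffe6420 T0)
==3351432==The signal is caused by a READ memory access.
==3351432==Hint: address points to the zero page.
    #0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14
    #1 0x7ffff6910e8e in gf_media_export_saf /afltest/gpac/src/media_tools/media_export.c:851:16
    #2 0x7ffff69121c1 in gf_media_export /afltest/gpac/src/media_tools/media_export.c:1391:49
"""

PAGE_SIZE = 4096  # assumption: a fault below one page is treated as NULL + field offset

HEADER = re.compile(r"AddressSanitizer: (\w+) on unknown address (0x[0-9a-fA-F]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$", re.M)


def triage(log):
    """Summarise an ASAN SEGV report: fault address, access type, crash site, bucket."""
    header = HEADER.search(log)
    if header is None:
        raise ValueError("no AddressSanitizer SEGV header found")
    frames = [(m.group(2), m.group(3), int(m.group(4))) for m in FRAME.finditer(log)]
    if not frames:
        raise ValueError("no symbolised stack frames found")
    addr = int(header.group(2), 16)
    access_match = ACCESS.search(log)
    access = access_match.group(1) if access_match else "UNKNOWN"
    kind = "null-deref" if addr < PAGE_SIZE else "wild-pointer"
    func, path, line = frames[0]
    return {
        "signal": header.group(1),
        "fault_addr": addr,
        "access": access,
        "kind": kind,
        # For a near-NULL fault the address itself is the offset from the NULL base.
        "null_offset": addr if kind == "null-deref" else None,
        "crash_site": f"{func} ({path.rsplit('/', 1)[-1]}:{line})",
        "callers": [f[0] for f in frames[1:]],
        # Crashes sharing kind, access type and top frame fall into one bucket.
        "bucket": f"{kind}:{access}:{func}",
    }


if __name__ == "__main__":
    for key, value in triage(ASAN_LOG).items():
        print(f"{key}: {value}")
```

A near-NULL READ bucketed this way is usually triaged as a denial-of-service crash, which matches the impact stated in the report.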
