| Title | GPAC MP4Box <= 2.4.0 (master commit 7508ccc and earlier) Null pointer dereference (Denial of Service) |
|---|
| Description | GPAC is an open-source multimedia framework that provides the MP4Box tool for parsing, editing, and streaming MP4 files.
A null pointer dereference vulnerability exists in the MergeFragment() function of GPAC MP4Box 2.4.0 and earlier versions (including master commit 7508ccc). When processing a malformed MP4 file with the "-hint" parameter, the program passes a NULL pointer as the second argument to a libc string/memory function annotated with the "nonnull" attribute. This triggers an UndefinedBehaviorSanitizer (UBSan) error and causes the program to receive a SIGABRT signal, resulting in a denial of service condition.
This issue appears to be related to previously fixed vulnerabilities #2166 and #2600, potentially indicating an incomplete fix or an unhandled edge case.
Reproduction steps:
1. Compile GPAC from the latest master branch (commit 7508ccc) with UndefinedBehaviorSanitizer enabled
2. Obtain the malformed MP4 file (POC) from the attached link
3. Execute the command: ./MP4Box -hint ./malformed.mp4
4. The program crashes with a UBSan null pointer error at isomedia/isom_intern.c:174
Stack trace:
#0 0x7ffff56df1e6 in MergeFragment /home/gpac/gpac-2/slatest/src/isomedia/isom_intern.c:174:5
#1 0x7ffff56e51b3 in gf_isom_parse_movie_boxes_internal /home/gpac/gpac-2/slatest/src/isomedia/isom_intern.c:784:9
#2 0x7ffff56eae39 in gf_isom_open_file /home/gpac/gpac-2/slatest/src/isomedia/isom_intern.c:1081:19
#3 0x5555556a132a in mp4box_main /home/gpac/gpac-2/slatest/applications/mp4box/mp4box.c:6481:12 |
|---|
| Source | ⚠️ https://github.com/gpac/gpac/issues/3549 |
|---|
| User | fczhang (UID 97720) |
|---|
| Submission | 30/04/2026 04:13 AM (1 month ago) |
|---|
| Moderation | 26/05/2026 12:52 PM (26 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 365629 [GPAC up to 2.4.0 MP4Box isom_intern.c MergeFragment denial of service] |
|---|
| Points | 20 |
|---|