| عنوان | GPAC MP4Box <= 2.4.0 (master commit 525bf1a and earlier) Memory leak (Denial of Service) |
|---|
| الوصف | GPAC is an open-source multimedia framework that provides the MP4Box tool for parsing, editing, and concatenating MP4 files.
A memory leak vulnerability exists in GPAC MP4Box 2.4.0 and earlier versions (including master commit 525bf1a). When using the "-cat" parameter to concatenate malformed MP4 files containing unsupported hint tracks, the program fails to release a sample buffer allocated in the Media_GetSample() function at src/isomedia/media.c:633.
The leak occurs when MP4Box removes unsupported hint tracks and creates new destination tracks, but the allocated buffer is not freed on this error path. Repeated exploitation can lead to memory exhaustion and denial of service. This issue is related to previously fixed vulnerability #3361, indicating an incomplete fix.
Reproduction steps:
Compile GPAC with AddressSanitizer/LeakSanitizer enabled
Prepare a normal MP4 file named white.mp4
Execute: ./MP4Box -cat ./poc.mp4 ./white.mp4 -out /dev/null
LeakSanitizer will report a direct leak of 1 byte allocated at media.c:633
Memory leak stack trace:Direct leak of 1 byte (s) in 1 object (s) allocated from:#0 0x555555674d4e in malloc (/home/gpac/gpac/bin/gcc/MP4Box+0x120d4e)#1 0x7ffff5541ac2 in Media_GetSample /home/gpac/gpac/src/isomedia/media.c:633:27#2 0x7ffff54219c2 in gf_isom_get_sample_ex /home/gpac/gpac/src/isomedia/isom_read.c:1966:6#3 0x7ffff5422298 in gf_isom_get_sample /home/gpac/gpac/src/isomedia/isom_read.c:1986:9` |
|---|
| المصدر | ⚠️ https://github.com/gpac/gpac/issues/3557 |
|---|
| المستخدم | fczhang (UID 97720) |
|---|
| ارسال | 01/05/2026 02:50 PM (1 شهر منذ) |
|---|
| الاعتدال | 26/05/2026 02:36 PM (25 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365631 [GPAC حتى 2.4.0 MP4Box src/isomedia/media.c Media_GetSample cat الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|