| عنوان | mp4v2 project has Floating Point Exception vulnerability |
|---|
| الوصف | There has a FPE(Floating Point Exception) in mp4trackdump.cpp:54, function DumpTrack(). Attackers cause denial of service through carefully constructed malicious files.
```
Legend: code, data, rodata, value
Stopped reason: SIGFPE
0x0000000000427aa6 in DumpTrack (mp4file=0xf80d10, tid=0x1) at /root/mp4v2/build/mp4v2/util/mp4trackdump.cpp:54
54 msectime /= timescale;
gdb-peda$ p timescale
$1 = 0x0
gdb-peda$
```
I use gdb debug this program, you can see 'timescale' is 0 when open the malicious files.
It cause the SIGFPE. |
|---|
| المصدر | ⚠️ https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc |
|---|
| المستخدم | 10cksYiqiyinHangzhouTechnology (UID 41666) |
|---|
| ارسال | 03/03/2023 02:19 PM (3 سنوات منذ) |
|---|
| الاعتدال | 17/03/2023 07:47 AM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 223295 [MP4v2 2.1.2 mp4trackdump.cpp DumpTrack الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|