제출 #97354: mp4v2 project has Floating Point Exception vulnerability정보

제목 mp4v2 project has Floating Point Exception vulnerability
설명There has a FPE(Floating Point Exception) in mp4trackdump.cpp:54, function DumpTrack(). Attackers cause denial of service through carefully constructed malicious files. ``` Legend: code, data, rodata, value Stopped reason: SIGFPE 0x0000000000427aa6 in DumpTrack (mp4file=0xf80d10, tid=0x1) at /root/mp4v2/build/mp4v2/util/mp4trackdump.cpp:54 54 msectime /= timescale; gdb-peda$ p timescale $1 = 0x0 gdb-peda$ ``` I use gdb debug this program, you can see 'timescale' is 0 when open the malicious files. It cause the SIGFPE.
원천⚠️ https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc
사용자
 10cksYiqiyinHangzhouTechnology (UID 41666)
제출2023. 03. 03. PM 02:19 (3 연령 ago)
모더레이션2023. 03. 17. AM 07:47 (14 days later)
상태수락
VulDB 항목223295 [MP4v2 2.1.2 mp4trackdump.cpp DumpTrack 서비스 거부]
포인트들20

이전개요다음

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!