Submission #98442: mp4v2 project mp4track.cpp FPE vulnerability (info)

Title: mp4v2 project mp4track.cpp FPE vulnerability
Description: There is an FPE (Floating Point Exception) at mp4track.cpp:999:46 in mp4v2::impl::MP4Track::GetSampleFileOffset(unsigned int). Attackers can cause a denial of service through carefully constructed malicious files.

```
sampleId - ((sampleId - firstSample) % samplesPerChunk);
```

Because the malicious file causes samplesPerChunk == 0, it is an FPE.

```
(base) ➜ build git:(main) ✗ ./mp4extract out/default/crashes/id:000000,sig:08,src:001076,time:147809374,execs:155756872,op:havoc,rep:8
./mp4extract version 2.1.2
ReadAtom: "out/default/crashes/id:000000,sig:08,src:001076,time:147809374,execs:155756872,op:havoc,rep:8": invalid atom size, extends outside parent atom - skipping to end of "" "moov" 12337 vs 12050
ReadAtom: "out/default/crashes/id:000000,sig:08,src:001076,time:147809374,execs:155756872,op:havoc,rep:8": invalid atom size, extends outside parent atom - skipping to end of "stbl" "J" 1212684099 vs 5988
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==2270667==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 0x7f4c8a4317b9 (pc 0x7f4c8a4317b9 bp 0x000000000000 sp 0x7ffc56e8d660 T2270667)
    #0 0x7f4c8a4317b9 in mp4v2::impl::MP4Track::GetSampleFileOffset(unsigned int) /root/mp4v2/src/mp4track.cpp:999:46
    #1 0x7f4c8a42fc1a in mp4v2::impl::MP4Track::ReadSample(unsigned int, unsigned char**, unsigned int*, unsigned long*, unsigned long*, unsigned long*, bool*, bool*, unsigned int*) /root/mp4v2/src/mp4track.cpp:306:27
    #2 0x7f4c8a417c53 in mp4v2::impl::MP4File::ReadSample(unsigned int, unsigned int, unsigned char**, unsigned int*, unsigned long*, unsigned long*, unsigned long*, bool*, bool*, unsigned int*) /root/mp4v2/src/mp4file.cpp:3119:41
    #3 0x7f4c8a3f5aca in MP4ReadSample /root/mp4v2/src/mp4.cpp:3050:36
    #4 0x42887b in ExtractTrack(void*, unsigned int, bool, unsigned int, char*) /root/mp4v2/util/mp4extract.cpp:223:14
    #5 0x428376 in main /root/mp4v2/util/mp4extract.cpp:175:13
    #6 0x7f4c89dcd082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x40679d in _start (/root/mp4v2/build/mp4extract+0x40679d)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: FPE /root/mp4v2/src/mp4track.cpp:999:46 in mp4v2::impl::MP4Track::GetSampleFileOffset(unsigned int)
==2270667==ABORTIN
```
Source: ⚠️ https://github.com/RichTrouble/mp4v2_mp4track_poc
User: ccpx (UID 42350)
Submission: 2023. 03. 06. PM 12:17 (3 years ago)
Moderation: 2023. 03. 17. AM 07:49 (11 days later)
Status: Accepted
VulDB entry: 223296 [MP4v2 2.1.2 mp4track.cpp GetSampleFileOffset denial of service]
Points: 20
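
The zero-divisor condition described in the submission, as an added example that is not part of the submission and is not mp4v2's code: it wraps the quoted modulo expression in a use-time guard and adds a load-time scan of the sample-to-chunk table. The `StscEntry` struct, both function names and the sample table are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified model of one sample-to-chunk entry. The struct and its field
// names are assumptions for this example, not mp4v2's own types.
struct StscEntry {
    uint32_t firstSample;      // first sample id covered by this entry
    uint32_t samplesPerChunk;  // read from the file, so attacker-controlled
};

// Load-time check: index of the first entry whose samplesPerChunk is zero,
// or -1 if every entry is safe to use as a divisor.
long firstZeroDivisorEntry(const std::vector<StscEntry>& table) {
    for (size_t i = 0; i < table.size(); ++i)
        if (table[i].samplesPerChunk == 0) return static_cast<long>(i);
    return -1;
}

// Use-time check around the expression from the report:
//   sampleId - ((sampleId - firstSample) % samplesPerChunk)
// Returns false instead of trapping when the entry is unusable.
bool firstSampleInChunk(const StscEntry& e, uint32_t sampleId, uint32_t* out) {
    if (e.samplesPerChunk == 0) return false;   // % 0 is UB; SIGFPE on x86
    if (sampleId < e.firstSample) return false; // unsigned subtraction would wrap
    *out = sampleId - ((sampleId - e.firstSample) % e.samplesPerChunk);
    return true;
}

int main() {
    // Constructed sample table: the second entry mimics the malformed file.
    std::vector<StscEntry> table = {{1, 4}, {9, 0}};
    uint32_t first = 0;
    bool ok = firstSampleInChunk(table[0], 7, &first);    // accepted
    bool bad = firstSampleInChunk(table[1], 10, &first);  // rejected
    return (ok && !bad && firstZeroDivisorEntry(table) == 1) ? 0 : 1;
}
```

Rejecting the table at load time keeps the malformed value from reaching any later division, while the use-time guard covers call paths that skip that validation.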
