Submit #98442: mp4v2 project mp4track.cpp FPE vulnerability

Title: mp4v2 project mp4track.cpp FPE vulnerability

Description: There is an FPE (Floating Point Exception) at mp4track.cpp:999:46 in mp4v2::impl::MP4Track::GetSampleFileOffset(unsigned int). Attackers can cause a denial of service through carefully constructed malicious files.

```
sampleId - ((sampleId - firstSample) % samplesPerChunk);
```

Because a malicious file causes samplesPerChunk == 0, it is an FPE.

```
(base) ➜ build git:(main) ✗ ./mp4extract out/default/crashes/id:000000,sig:08,src:001076,time:147809374,execs:155756872,op:havoc,rep:8
./mp4extract version 2.1.2
ReadAtom: "out/default/crashes/id:000000,sig:08,src:001076,time:147809374,execs:155756872,op:havoc,rep:8": invalid atom size, extends outside parent atom - skipping to end of "" "moov" 12337 vs 12050
ReadAtom: "out/default/crashes/id:000000,sig:08,src:001076,time:147809374,execs:155756872,op:havoc,rep:8": invalid atom size, extends outside parent atom - skipping to end of "stbl" "J" 1212684099 vs 5988
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==2270667==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 0x7f4c8a4317b9 (pc 0x7f4c8a4317b9 bp 0x000000000000 sp 0x7ffc56e8d660 T2270667)
    #0 0x7f4c8a4317b9 in mp4v2::impl::MP4Track::GetSampleFileOffset(unsigned int) /root/mp4v2/src/mp4track.cpp:999:46
    #1 0x7f4c8a42fc1a in mp4v2::impl::MP4Track::ReadSample(unsigned int, unsigned char**, unsigned int*, unsigned long*, unsigned long*, unsigned long*, bool*, bool*, unsigned int*) /root/mp4v2/src/mp4track.cpp:306:27
    #2 0x7f4c8a417c53 in mp4v2::impl::MP4File::ReadSample(unsigned int, unsigned int, unsigned char**, unsigned int*, unsigned long*, unsigned long*, unsigned long*, bool*, bool*, unsigned int*) /root/mp4v2/src/mp4file.cpp:3119:41
    #3 0x7f4c8a3f5aca in MP4ReadSample /root/mp4v2/src/mp4.cpp:3050:36
    #4 0x42887b in ExtractTrack(void*, unsigned int, bool, unsigned int, char*) /root/mp4v2/util/mp4extract.cpp:223:14
    #5 0x428376 in main /root/mp4v2/util/mp4extract.cpp:175:13
    #6 0x7f4c89dcd082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x40679d in _start (/root/mp4v2/build/mp4extract+0x40679d)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: FPE /root/mp4v2/src/mp4track.cpp:999:46 in mp4v2::impl::MP4Track::GetSampleFileOffset(unsigned int)
==2270667==ABORTIN
```
Source: https://github.com/RichTrouble/mp4v2_mp4track_poc
User: ccpx (ID 42350)
Submission: 2023-03-06 12:17 (1 Year ago)
Moderation: 2023-03-17 07:49 (11 days later)
Accepted
VulDB Entry: VDB-223296
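
The expression quoted in the Description, shown unchecked beside a guarded form that rejects a zero samplesPerChunk both at lookup time and when the table is parsed. This is an added example, not mp4v2 code and not the project's fix; the StscRun struct, the function names and the sample tables are assumptions constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed model of one sample-to-chunk run; field names are assumptions,
// not mp4v2's own types. Every value comes from the (untrusted) file.
struct StscRun {
    uint32_t firstChunk;       // 1-based chunk index where the run starts
    uint32_t firstSample;      // 1-based id of the run's first sample
    uint32_t samplesPerChunk;  // 0 here is what the crashing file supplies
};

// Unchecked form of the reported expression. With samplesPerChunk == 0 the
// '%' is undefined behaviour and traps as SIGFPE on x86. Never called here.
uint32_t FirstSampleInChunkUnchecked(const StscRun& r, uint32_t sampleId) {
    return sampleId - ((sampleId - r.firstSample) % r.samplesPerChunk);
}

// Checked form: refuses the zero divisor and the unsigned underflow.
bool FirstSampleInChunk(const StscRun& r, uint32_t sampleId, uint32_t& out) {
    if (r.samplesPerChunk == 0) return false;
    if (sampleId < r.firstSample) return false;
    out = sampleId - ((sampleId - r.firstSample) % r.samplesPerChunk);
    return true;
}

// Parse-time check, so a bad table is rejected before any sample is read.
bool StscTableIsSane(const std::vector<StscRun>& table) {
    uint32_t prevChunk = 0, prevSample = 0;
    for (const StscRun& r : table) {
        if (r.samplesPerChunk == 0) return false;
        if (r.firstChunk <= prevChunk || r.firstSample <= prevSample) return false;
        prevChunk = r.firstChunk;
        prevSample = r.firstSample;
    }
    return !table.empty();
}

int main() {
    std::vector<StscRun> good = {{1, 1, 4}, {3, 9, 2}};  // constructed sample table
    std::vector<StscRun> bad  = {{1, 1, 4}, {3, 9, 0}};  // constructed, zero divisor
    uint32_t first = 0;
    bool ok = FirstSampleInChunk(good[0], 6, first);
    std::printf("sane=%d/%d ok=%d first=%u\n", StscTableIsSane(good),
                StscTableIsSane(bad), ok, first);
    return FirstSampleInChunk(bad[1], 10, first) ? 1 : 0;
}
```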
