Submission #816075: GPAC MP4Box <= 2.4.0 (master commit 7508ccc and earlier) Null pointer dereference (Denial of Service)

Information

Title: GPAC MP4Box <= 2.4.0 (master commit 7508ccc and earlier) Null pointer dereference (Denial of Service)
Description: GPAC is an open-source multimedia framework that provides the MP4Box tool for parsing, editing, and streaming MP4 files. A null pointer dereference vulnerability exists in the MergeFragment() function of GPAC MP4Box 2.4.0 and earlier versions (including master commit 7508ccc). When processing a malformed MP4 file with the "-hint" parameter, the program passes a NULL pointer as the second argument to a libc string/memory function annotated with the "nonnull" attribute. This triggers an UndefinedBehaviorSanitizer (UBSan) error and causes the program to receive a SIGABRT signal, resulting in a denial of service condition. This issue appears to be related to previously fixed vulnerabilities #2166 and #2600, potentially indicating an incomplete fix or an unhandled edge case.

Reproduction steps:
1. Compile GPAC from the latest master branch (commit 7508ccc) with UndefinedBehaviorSanitizer enabled
2. Obtain the malformed MP4 file (POC) from the attached link
3. Execute the command: ./MP4Box -hint ./malformed.mp4
4. The program crashes with a UBSan null pointer error at isomedia/isom_intern.c:174

Stack trace:
#0 0x7ffff56df1e6 in MergeFragment /home/gpac/gpac-2/slatest/src/isomedia/isom_intern.c:174:5
#1 0x7ffff56e51b3 in gf_isom_parse_movie_boxes_internal /home/gpac/gpac-2/slatest/src/isomedia/isom_intern.c:784:9
#2 0x7ffff56eae39 in gf_isom_open_file /home/gpac/gpac-2/slatest/src/isomedia/isom_intern.c:1081:19
#3 0x5555556a132a in mp4box_main /home/gpac/gpac-2/slatest/applications/mp4box/mp4box.c:6481:12
Source: https://github.com/gpac/gpac/issues/3549
User: fczhang (UID 97720)
Submission: 30.04.2026 04:13 (1 month ago)
Moderation: 26.05.2026 12:52 (26 days later)
Status: accepted
VulDB Entry: 365629 [GPAC up to 2.4.0 MP4Box isom_intern.c MergeFragment denial of service]
Points: 20
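The failure mode described above (a fragment whose payload pointer is NULL reaching a libc function declared nonnull, so that UBSan reports it and the process aborts) is easiest to see in a small, self-contained model. The following C code is an added example written for this record; it is not GPAC code, and the types fragment_t, track_t and the functions merge_fragment_checked() and merge_all() are hypothetical stand-ins for a parsed fragment, a track buffer and the merge step. It shows the defensive check that turns the abort into a recoverable parse error, which is the mitigation a maintainer would want at the call site.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a parsed fragment. A malformed file can leave
 * the payload pointer NULL while the declared length is still non-zero. */
typedef struct {
    const uint8_t *data;   /* NULL models a box the parser could not resolve */
    size_t len;
} fragment_t;

/* Hypothetical track buffer that fragments are merged into. */
typedef struct {
    uint8_t buf[64];
    size_t used;
} track_t;

enum { MERGE_OK = 0, MERGE_ERR_NULL = -1, MERGE_ERR_SPACE = -2 };

/* Merge one fragment into the track. glibc declares memcpy() with the
 * nonnull attribute, so calling it with frag->data == NULL is undefined
 * behaviour even for len == 0; with -fsanitize=undefined that is reported
 * and the process aborts (SIGABRT), which is the crash the report describes.
 * The explicit NULL check below returns an error code instead. */
int merge_fragment_checked(track_t *trk, const fragment_t *frag) {
    if (!trk || !frag || !frag->data)
        return MERGE_ERR_NULL;
    if (frag->len > sizeof(trk->buf) - trk->used)
        return MERGE_ERR_SPACE;           /* bounds check before the copy */
    memcpy(trk->buf + trk->used, frag->data, frag->len);
    trk->used += frag->len;
    return MERGE_OK;
}

/* Merge fragments in order, stopping at the first bad one. Returns the
 * number of fragments merged; the first error code is stored in *err. */
size_t merge_all(track_t *trk, const fragment_t *frags, size_t n, int *err) {
    size_t i;
    *err = MERGE_OK;
    for (i = 0; i < n; i++) {
        int rc = merge_fragment_checked(trk, &frags[i]);
        if (rc != MERGE_OK) { *err = rc; break; }
    }
    return i;
}

/* Constructed input: the second fragment models the malformed case. */
int demo_merge_result(size_t *merged, size_t *bytes) {
    static const uint8_t a[] = {1, 2, 3}, b[] = {4, 5};
    fragment_t frags[] = { {a, sizeof a}, {NULL, 8}, {b, sizeof b} };
    track_t trk = { {0}, 0 };
    int err;
    *merged = merge_all(&trk, frags, 3, &err);
    *bytes = trk.used;
    return err;
}

int main(void) {
    size_t merged, bytes;
    int err = demo_merge_result(&merged, &bytes);
    printf("merged %zu fragment(s), err=%d, bytes in track=%zu\n",
           merged, err, bytes);
    return err == MERGE_OK ? 0 : 1;
}
```

Compiled with -fsanitize=undefined, removing the `!frag->data` test makes the second fragment trip UBSan's nonnull-attribute check exactly as in the report; with the test in place the parser rejects the file cleanly and the already-merged data stays intact.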
