| Title | GPAC MP4Box <= 2.4.0 (master commit 525bf1a and earlier) Memory leak (Denial of Service) |
|---|
| Description | GPAC is an open-source multimedia framework that provides the MP4Box tool for parsing, editing, and concatenating MP4 files.
A memory leak vulnerability exists in GPAC MP4Box 2.4.0 and earlier versions (including master commit 525bf1a). When using the "-cat" parameter to concatenate malformed MP4 files containing unsupported hint tracks, the program fails to release a sample buffer allocated in the Media_GetSample() function at src/isomedia/media.c:633.
The leak occurs when MP4Box removes unsupported hint tracks and creates new destination tracks, but the allocated buffer is not freed on this error path. Repeated exploitation can lead to memory exhaustion and denial of service. This issue is related to previously fixed vulnerability #3361, indicating an incomplete fix.
Reproduction steps:
1. Compile GPAC with AddressSanitizer/LeakSanitizer enabled
2. Prepare a normal MP4 file named white.mp4
3. Execute: ./MP4Box -cat ./poc.mp4 ./white.mp4 -out /dev/null
4. LeakSanitizer will report a direct leak of 1 byte allocated at media.c:633
Memory leak stack trace:
    Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x555555674d4e in malloc (/home/gpac/gpac/bin/gcc/MP4Box+0x120d4e)
    #1 0x7ffff5541ac2 in Media_GetSample /home/gpac/gpac/src/isomedia/media.c:633:27
    #2 0x7ffff54219c2 in gf_isom_get_sample_ex /home/gpac/gpac/src/isomedia/isom_read.c:1966:6
    #3 0x7ffff5422298 in gf_isom_get_sample /home/gpac/gpac/src/isomedia/isom_read.c:1986:9 |
|---|
| Source | https://github.com/gpac/gpac/issues/3557 |
|---|
| User | fczhang (UID 97720) |
|---|
| Submission | 01/05/2026 14:50 (1 month ago) |
|---|
| Moderation | 26/05/2026 14:36 (25 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 365631 [GPAC up to 2.4.0 MP4Box src/isomedia/media.c Media_GetSample cat denial of service] |
|---|
| Points | 20 |
|---|