Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrCoolkingcole681E42D0-18D4-4EBC-ABA0-C5B0F77AC74A
HistoryOct 08, 2023 - 5:04 a.m.

Heap OOB Read

2023-10-0805:04:26
coolkingcole
www.huntr.dev
7
debian gnu/linux
oob read
addresssanitizer
memory error
mp4box
buffer overflow
security vulnerability

0.001 Low

EPSS

Percentile

20.7%

JSON

Environment

Distributor ID:	Debian
Description:	Debian GNU/Linux bookworm/sid

Version

I checked against the latest release as of 10/08/23 the current master branch at commit50c2ab06f45a3101d73d6f317e98f041809f4923 .

Description

This AddressSanitizer output is indicating an OOB read of invalid heap memory. This exception occurred in the function ac3dmx_process at line 489 in the filesrc/filters/reframe_ac3.c. This error being an OOB read indicates that the error is related to the source calculation here.

src/filters/reframe_ac3.c:line 489

memcpy(output, sync, ctx->hdr.framesize);

POC

./MP4Box -dash 1000 ./POC5_min

POC File

ASAN

[BS] Attempt to overread bitstream
[Dasher] No template assigned, using $File$_dash$FS$$Number$
=================================================================
==1037600==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000293c at pc 0x5555563f1b57 bp 0x7fffffff6670 sp 0x7fffffff5e40
READ of size 98 at 0x60300000293c thread T0
    #0 0x5555563f1b56 in __asan_memcpy (/path/gpac/build/bin/gcc/MP4Box+0xe9db56) (BuildId: 1b19b3f64554102b121e6b611467f4f8dd9b5747)
    #1 0x55555787b067 in ac3dmx_process /path/gpac/src/filters/reframe_ac3.c:489:4
    #2 0x555557276bc7 in gf_filter_process_task /path/gpac/src/filter_core/filter.c:2971:7
    #3 0x55555722b99e in gf_fs_thread_proc /path/gpac/src/filter_core/filter_session.c:2105:3
    #4 0x55555722985d in gf_fs_run /path/gpac/src/filter_core/filter_session.c:2405:3
    #5 0x555556dd7a39 in gf_dasher_process /path/gpac/src/media_tools/dash_segmenter.c:1236:6
    #6 0x55555646143c in do_dash /path/gpac/applications/mp4box/mp4box.c:4831:15
    #7 0x555556451064 in mp4box_main /path/gpac/applications/mp4box/mp4box.c:6245:7
    #8 0x7ffff6fe11c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #9 0x7ffff6fe1284 in __libc_start_main csu/../csu/libc-start.c:360:3
    #10 0x55555636f9e0 in _start (/path/gpac/build/bin/gcc/MP4Box+0xe1b9e0) (BuildId: 1b19b3f64554102b121e6b611467f4f8dd9b5747)

0x60300000293c is located 0 bytes to the right of 28-byte region [0x603000002920,0x60300000293c)
allocated by thread T0 here:
    #0 0x5555563f2c56 in __interceptor_realloc (/path/gpac/build/bin/gcc/MP4Box+0xe9ec56) (BuildId: 1b19b3f64554102b121e6b611467f4f8dd9b5747)
    #1 0x55555787a567 in ac3dmx_process /path/gpac/src/filters/reframe_ac3.c:399:22
    #2 0x555557276bc7 in gf_filter_process_task /path/gpac/src/filter_core/filter.c:2971:7
    #3 0x55555722b99e in gf_fs_thread_proc /path/gpac/src/filter_core/filter_session.c:2105:3
    #4 0x55555722985d in gf_fs_run /path/gpac/src/filter_core/filter_session.c:2405:3
    #5 0x555556dd7a39 in gf_dasher_process /path/gpac/src/media_tools/dash_segmenter.c:1236:6
    #6 0x55555646143c in do_dash /path/gpac/applications/mp4box/mp4box.c:4831:15
    #7 0x555556451064 in mp4box_main /path/gpac/applications/mp4box/mp4box.c:6245:7
    #8 0x7ffff6fe11c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow (/path/gpac/build/bin/gcc/MP4Box+0xe9db56) (BuildId: 1b19b3f64554102b121e6b611467f4f8dd9b5747) in __asan_memcpy
Shadow bytes around the buggy address:
  0x0c067fff84d0: fd fd fd fd fa fa 00 00 01 fa fa fa fd fd fd fd
  0x0c067fff84e0: fa fa fd fd fd fa fa fa 00 00 01 fa fa fa 00 00
  0x0c067fff84f0: 01 fa fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c067fff8500: 00 00 01 fa fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c067fff8510: fa fa 00 00 01 fa fa fa 00 00 00 fa fa fa 00 00
=>0x0c067fff8520: 00 fa fa fa 00 00 00[04]fa fa 00 00 00 00 fa fa
  0x0c067fff8530: 00 00 02 fa fa fa 00 00 00 fa fa fa 00 00 01 fa
  0x0c067fff8540: fa fa 00 00 00 00 fa fa 00 00 01 fa fa fa 00 00
  0x0c067fff8550: 01 fa fa fa 00 00 05 fa fa fa 00 00 04 fa fa fa
  0x0c067fff8560: 00 00 06 fa fa fa 00 00 00 fa fa fa 00 00 00 00
  0x0c067fff8570: fa fa 00 00 02 fa fa fa 00 00 00 01 fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1037600==ABORTING

Related

cve 1
cvelist 1
veracode 1
ubuntucve 1
prion 1
osv 1
nvd 1
debiancve 1
cve
cve
CVE-2023-5520
2023-10-11 12:15:11
cvelist
cvelist
CVE-2023-5520 Out-of-bounds Read in gpac/gpac
2023-10-11 11:56:06
veracode
veracode
Out Of Bound Read
2023-10-12 06:08:31
ubuntucve
ubuntucve
CVE-2023-5520
2023-10-11 00:00:00
prion
prion
Design/Logic Flaw
2023-10-11 12:15:00
osv
osv
CVE-2023-5520
2023-10-11 12:15:11
nvd
nvd
CVE-2023-5520
2023-10-11 12:15:11
debiancve
debiancve
CVE-2023-5520
2023-10-11 12:15:11

0.001 Low

EPSS

Percentile

20.7%

JSON
Related for 681E42D0-18D4-4EBC-ABA0-C5B0F77AC74A
cve1cvelist1veracode1ubuntucve1prion1osv1nvd1debiancve1