huntr | Suica523 | 916B787A-C603-409D-AFC6-25BB02070E69
History: May 26, 2023 - 9:13 a.m.

NULL Pointer Dereference in function xml_sax_append_string

2023-05-26 09:13:06
suica523
www.huntr.dev
ubuntu
gpac
addresssanitizer
xml_parser.c
mp4box
proof of concept
libc.so.6

EPSS

0

Percentile

5.1%

Description

NULL Pointer Dereference in utils/xml_parser.c:963

Environment

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04 LTS
Release:    20.04
Codename:   focal

Version

MP4Box - GPAC version 2.3-DEV-rev293-g56eed04c2-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
	MINI build (encoders, decoders, audio and video output disabled)

Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452

Build

sudo CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address -static-libasan" ./configure && sudo make

Proof of Concept

./MP4Box -bin ./gpac_null_ptr_poc

poc is here

ASAN

./MP4Box -bin ./gpac_null_ptr_poc                                             
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1568303==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8c0e58e6e5 bp 0x7ffcbc50b160 sp 0x7ffcbc50a8d8 T0)
==1568303==The signal is caused by a READ memory access.
==1568303==Hint: address points to the zero page.
    #0 0x7f8c0e58e6e4  (/lib/x86_64-linux-gnu/libc.so.6+0x1886e4)
    #1 0x55eab7ceabdb in __interceptor_strlen.part.0 (/home/hack/fuzz/asan_bin/bin/MP4Box+0x62bdb)
    #2 0x7f8c0e879735 in gf_xml_sax_parse_intern (../lib/libgpac.so.12+0xcc735)
    #3 0x7f8c0e879b94 in gf_xml_sax_parse (../lib/libgpac.so.12+0xccb94)
    #4 0x7f8c0e879c32 in xml_sax_read_file.part.0 (../lib/libgpac.so.12+0xccc32)
    #5 0x7f8c0e879f26 in gf_xml_sax_parse_file (../lib/libgpac.so.12+0xccf26)
    #6 0x7f8c0e87af62 in gf_xml_dom_parse (../lib/libgpac.so.12+0xcdf62)
    #7 0x55eab7dd34f4 in xml_bs_to_bin (/home/hack/fuzz/asan_bin/bin/MP4Box+0x14b4f4)
    #8 0x55eab7de37cc in mp4box_main (/home/hack/fuzz/asan_bin/bin/MP4Box+0x15b7cc)
    #9 0x7f8c0e42a082 in __libc_start_main ../csu/libc-start.c:308
    #10 0x55eab7ca5e1d in _start (/home/hack/fuzz/asan_bin/bin/MP4Box+0x1de1d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x1886e4) 
==1568303==ABORTING
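As an added triage example (not part of the report and not GPAC code), the following Python parses the ASan output above and classifies it: a SEGV whose fault address sits in the zero page is recorded as a NULL pointer dereference, and the first frame that is neither libc nor a sanitizer interceptor (gf_xml_sax_parse_intern) is picked out as the place to start reading in utils/xml_parser.c. The regular expressions assume ASan's default stack-frame layout; the embedded report is a constructed excerpt of the one shown above.

```python
import re

# Constructed excerpt of the AddressSanitizer report shown above, trimmed to the
# lines a triage script keys on (error header, access type, hint, stack frames).
SAMPLE_REPORT = """\
==1568303==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8c0e58e6e5 bp 0x7ffcbc50b160 sp 0x7ffcbc50a8d8 T0)
==1568303==The signal is caused by a READ memory access.
==1568303==Hint: address points to the zero page.
    #0 0x7f8c0e58e6e4  (/lib/x86_64-linux-gnu/libc.so.6+0x1886e4)
    #1 0x55eab7ceabdb in __interceptor_strlen.part.0 (/home/hack/fuzz/asan_bin/bin/MP4Box+0x62bdb)
    #2 0x7f8c0e879735 in gf_xml_sax_parse_intern (../lib/libgpac.so.12+0xcc735)
    #3 0x7f8c0e879b94 in gf_xml_sax_parse (../lib/libgpac.so.12+0xccb94)
    #4 0x7f8c0e879c32 in xml_sax_read_file.part.0 (../lib/libgpac.so.12+0xccc32)
    #5 0x7f8c0e879f26 in gf_xml_sax_parse_file (../lib/libgpac.so.12+0xccf26)
    #6 0x7f8c0e87af62 in gf_xml_dom_parse (../lib/libgpac.so.12+0xcdf62)
    #7 0x55eab7dd34f4 in xml_bs_to_bin (/home/hack/fuzz/asan_bin/bin/MP4Box+0x14b4f4)
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x1886e4)
"""

ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+\s+(?:in (\S+) )?\((\S+)\+0x[0-9a-f]+\)")
PAGE_SIZE = 0x1000  # ASan's "zero page" hint means the fault address lies in the first page


def triage(report):
    """Summarise one ASan report: error kind, fault address, access type, and the
    first stack frame that is neither libc nor a sanitizer interceptor, i.e. the
    code under test that handed the bad pointer to strlen. A SEGV whose address
    falls inside the first page is flagged as a NULL-pointer dereference."""
    err = ERROR_RE.search(report)
    if err is None:
        return None  # not an ASan error report at all
    kind, address = err.group(1), int(err.group(2), 16)
    access = ACCESS_RE.search(report)
    frames = [m.groups() for m in map(FRAME_RE.match, report.splitlines()) if m]
    culprit = next((fn for fn, mod in frames
                    if fn and not fn.startswith("__interceptor_") and "libc.so" not in mod), None)
    return {
        "kind": kind,
        "address": address,
        "access": access.group(1) if access else None,
        "null_deref": kind == "SEGV" and address < PAGE_SIZE,
        "culprit": culprit,
        "frames": len(frames),
    }
```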
