huntr | Qianshuidewajueji | CB730BC5-D79C-4DE6-9E57-10E8C3CE2CF3
Feb 12, 2023 - 2:27 a.m.

Buffer over-read in function mhas_dmx_process in filters/reframe_mhas.c

2023-02-12 02:27:03
qianshuidewajueji
www.huntr.dev
10
Tags: buffer over-read, mhas_dmx_process, reframe_mhas.c, mp4box, gpac, runtime error, index out of bounds, enable-sanitizer, enable-debug

EPSS: 0.001 (Low), percentile 25.5%

Version

  gcc git:(master)  ./MP4Box -version                  
MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
        GPAC Filters: https://doi.org/10.1145/3339825.3394929
        GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer --verbose
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_PNG GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D 

Proof of Concept

➜  gcc git:(master) ✗ ./MP4Box -info mhas_dmx_process_poc
filters/reframe_mhas.c:625:25: runtime error: index 30 out of bounds for type 'u32 [28]'

Reproduce

./configure --enable-sanitizer --enable-debug
make
./MP4Box -info ./mhas_dmx_process_poc
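
The sanitizer message above reports index 30 used on a 28-element u32 array. The following C code is an added example, not GPAC code and not part of the original report: it shows a bounds-checked table lookup for an index parsed from untrusted input. The 5-bit field width, the 0x1f escape value, the table contents and all names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed 28-entry table: same element type and length as the array in
   the sanitizer report; the values are sample data for this example. */
#define RATE_TABLE_LEN 28
static const uint32_t rate_table[RATE_TABLE_LEN] = {
    96000, 88200, 64000, 48000, 44100, 32000, 24000, 22050, 16000, 12000,
    11025, 8000, 7350, 0, 0, 57600, 51200, 40000, 38400, 34150,
    28800, 25600, 20000, 19200, 17075, 14400, 12800, 9600
};

typedef struct { const uint8_t *buf; size_t len; size_t bitpos; } bitreader;

/* Reads n (<= 32) bits MSB-first; returns -1 if the buffer is exhausted. */
static int br_read(bitreader *br, unsigned n, uint32_t *out) {
    uint32_t v = 0;
    if (n > 32 || br->bitpos + n > br->len * 8) return -1;
    for (unsigned i = 0; i < n; i++, br->bitpos++) {
        uint8_t byte = br->buf[br->bitpos >> 3];
        v = (v << 1) | ((byte >> (7 - (br->bitpos & 7))) & 1u);
    }
    *out = v;
    return 0;
}

/* Returns 0 and sets *rate on success, -1 on truncated or invalid input. */
int parse_rate(const uint8_t *data, size_t len, uint32_t *rate) {
    bitreader br = { data, len, 0 };
    uint32_t idx;
    if (br_read(&br, 5, &idx) < 0) return -1;
    if (idx == 0x1f)               /* assumed escape: explicit 24-bit rate */
        return br_read(&br, 24, rate);
    if (idx >= RATE_TABLE_LEN)     /* a 5-bit field can hold 28..30: reject */
        return -1;
    *rate = rate_table[idx];
    return 0;
}
```

A 5-bit field can encode values up to 31, so any table shorter than 32 entries needs the explicit range check before the lookup.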
