Lucene search
Janette88D2A6EA71-3555-47A6-9B18-35455D103740HistoryOct 11, 2023 - 10:42 a.m.
NULL Pointer Dereference in function gf_filter_pck_new_alloc_internal
2023-10-1110:42:24
janette88
www.huntr.dev
10
null pointer dereference
filter_core/filter_pck.c
git commit
5692dc729491805e0e5f55c21d50ba1e6b19e88e
ac3dmx
mp4box
gpac version 2.3-dev-rev577-g5692dc729-master
0.001 Low
EPSS
Percentile
21.5%
Description
NULL Pointer Dereference in function gf_filter_pck_new_alloc_internal at filter_core/filter_pck.c:108.
Version
git log
commit 5692dc729491805e0e5f55c21d50ba1e6b19e88e (HEAD -> master, origin/master, origin/HEAD)
Author: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Wed Oct 11 13:24:46 2023 +0200
ac3dmx: add remain size check (fixes #2627)
./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev577-g5692dc729-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Proof of Concept
reported (no instrumented program)
./configure --enable-sanitizer
make
./bin/gcc/MP4Box -dash 1000 -out /dev/null poc2_nul
[Dasher] No template assigned, using $File$_dash$FS$$Number$
[PCMReframe] Missing audio sample rate, cannot parse
filter_core/filter_pck.c:108:6: runtime error: member access within null pointer of type 'struct GF_FilterPid'
Reported with ASAN (instrumented program):
./bin/gcc/MP4Box -dash 1000 -out /dev/null poc2_null
[Dasher] No template assigned, using $File$_dash$FS$$Number$
[PCMReframe] Missing audio sample rate, cannot parse
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2015631==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6dd4798891 bp 0x7ffee005d790 sp 0x7ffee005d6a0 T0)
==2015631==The signal is caused by a READ memory access.
==2015631==Hint: address points to the zero page.
#0 0x7f6dd4798891 in gf_filter_pck_new_alloc_internal (/home/fuzz/gpac/gpac/bin/gcc/libgpac.so.12+0x119b891)
#1 0x7f6dd4d1ef00 in pcmreframe_process (/home/fuzz/gpac/gpac/bin/gcc/libgpac.so.12+0x1721f00)
#2 0x7f6dd48571ce in gf_filter_process_task (/home/fuzz/gpac/gpac/bin/gcc/libgpac.so.12+0x125a1ce)
#3 0x7f6dd4825216 in gf_fs_thread_proc (/home/fuzz/gpac/gpac/bin/gcc/libgpac.so.12+0x1228216)
#4 0x7f6dd4823b0f in gf_fs_run (/home/fuzz/gpac/gpac/bin/gcc/libgpac.so.12+0x1226b0f)
#5 0x7f6dd41c2047 in gf_dasher_process (/home/fuzz/gpac/gpac/bin/gcc/libgpac.so.12+0xbc5047)
#6 0x50205c in do_dash /home/fuzz/gpac/gpac/applications/mp4box/mp4box.c:4831:15
#7 0x4f34ee in mp4box_main /home/fuzz/gpac/gpac/applications/mp4box/mp4box.c:6245:7
#8 0x7f6dd327e082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#9 0x42ad4d in _start (/home/fuzz/gpac/gpac/bin/gcc/MP4Box+0x42ad4d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/fuzz/gpac/gpac/bin/gcc/libgpac.so.12+0x119b891) in gf_filter_pck_new_alloc_internal
POC:
https://github.com/Janette88/test_pocs/blob/main/poc2_null
Related
ubuntucve
ubuntucve
CVE-2023-5586
2023-10-15 00:00:00
veracode
veracode
NULL Pointer Dereference
2023-10-17 02:19:35
cve
cve
CVE-2023-5586
2023-10-15 01:15:09
nvd
nvd
CVE-2023-5586
2023-10-15 01:15:09
cvelist
cvelist
CVE-2023-5586 NULL Pointer Dereference in gpac/gpac
2023-10-15 00:28:09
osv
osv
CVE-2023-5586
2023-10-15 01:15:09
prion
prion
Null pointer dereference
2023-10-15 01:15:00
debiancve
debiancve
CVE-2023-5586
2023-10-15 01:15:09