NULL Pointer Dereference in axiomatic-systems/bento4


Reported on

May 12th 2021

✍️ Description

NULL pointer dereference in function GetTag of Ap4Descriptor.h

🕵️‍♂️ Proof of Concept

Verification steps:
1. Get the source code of Bento4
2. Compile Bento4

$ cd Bento4
$ mkdir check_build && cd check_build
$ cmake ../ -DCMAKE_C_COMPILER=clang  -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"
$ make -j 32 mp42aac

$ ./mp42aac poc.mp4   /dev/null

💥 Impact

This vulnerability is capable of DDoS

Dimitry Ishenko marked this as fixed with commit 481c27 2 years ago
Dimitry Ishenko has been awarded the fix bounty
This vulnerability will not receive a CVE
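
A triage helper for the sanitizer output that the ASan build in the verification steps produces, as an added example that is not part of the original report or of Bento4: it reads a report on stdin and classifies a SEGV by fault address, access type and top frame. The sample report is constructed (placeholder addresses and line number), and the 4096-byte near-NULL threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added triage example: classify an AddressSanitizer SEGV report read on stdin.
# Output: "<class> <access> <fault-address> <top-frame-function>" or "no-segv".
# Typical use with the command from the report:
#   ./mp42aac poc.mp4 /dev/null 2>&1 | classify_asan

NEAR_NULL_LIMIT=4096   # assumption: faults in the first page count as NULL derefs

classify_asan() {
    report=$(cat)
    # Fault address from the ERROR header line.
    addr=$(printf '%s\n' "$report" |
        sed -n 's/.*AddressSanitizer: SEGV on unknown address \(0x[0-9a-fA-F]*\).*/\1/p' |
        head -n 1)
    if [ -z "$addr" ]; then
        echo "no-segv"
        return 0
    fi
    # READ or WRITE, when ASan reports it.
    access=$(printf '%s\n' "$report" |
        sed -n 's/.*The signal is caused by a \([A-Z]*\) memory access.*/\1/p' |
        head -n 1)
    # Function name of frame #0, with the argument list stripped.
    top=$(printf '%s\n' "$report" |
        sed -n 's/^ *#0 0x[0-9a-fA-F]* in \([^ (]*\).*/\1/p' |
        head -n 1)
    if [ $(($addr)) -lt "$NEAR_NULL_LIMIT" ]; then
        class="null-deref"
    else
        class="wild-access"
    fi
    echo "$class ${access:-unknown} $addr ${top:-unknown}"
}

# Constructed sample report: addresses and the line number are placeholders,
# and frames below #0 are left out.
sample_report() {
    cat <<'EOF'
==4242==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004f1a2b bp 0x7ffd00000010 sp 0x7ffd00000000 T0)
==4242==The signal is caused by a READ memory access.
==4242==Hint: address points to the zero page.
    #0 0x4f1a2b in AP4_Descriptor::GetTag() Ap4Descriptor.h:0
EOF
}

sample_report | classify_asan
```

A READ classified as null-deref is consistent with a crash-only impact; a WRITE or a wild-access result deserves a closer look before the report is rated.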