Heap-based Buffer Overflow in strukturag/libde265

Valid

Reported on

May 13th 2021

✍️ Description

heap-buffer-overflow of decctx.cc in function read_sps_NAL

🕵️‍♂️ Proof of Concept

Verification steps： 1.Get the source code of Bento4 2.Compile the Bento4

$ ./autogen.sh
$ export CFLAGS="-g -lpthread -fsanitize=address"
$ export CXXFLAGS="-g -lpthread -fsanitize=address"
$ CC=clang CXX=clang++ ./configure --disable-shared
$ make -j 32

3.run

$./dec265 poc

💥 Impact

This vulnerability is capable of DDOS or code execution

References

https://github.com/strukturag/libde265/issues/293

Dirk Farin

commented a year ago

Maintainer

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

Jamie Slome

commented a year ago

Admin

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

Dirk Farin validated this vulnerability a year ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

Dirk Farin marked this as fixed in 1.0.8 with commit 8e89fe a year ago

Dirk Farin has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

Dirk Farin

commented a year ago

Maintainer

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

Jamie Slome

commented a year ago

Admin

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

Dirk Farin validated this vulnerability a year ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

Dirk Farin marked this as fixed in 1.0.8 with commit 8e89fe a year ago

Dirk Farin has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation