Heap-based Buffer Overflow in strukturag/libde265


Reported on

May 13th 2021

✍️ Description

heap-buffer-overflow of decctx.cc in function read_sps_NAL

🕵️‍♂️ Proof of Concept

Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4

$ ./autogen.sh
$ export CFLAGS="-g -lpthread -fsanitize=address"
$ export CXXFLAGS="-g -lpthread -fsanitize=address"
$ CC=clang CXX=clang++ ./configure --disable-shared
$ make -j 32


$./dec265 poc

💥 Impact

This vulnerability is capable of DDOS or code execution

Dirk Farin
2 years ago


Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

Jamie Slome
2 years ago

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

Dirk Farin validated this vulnerability 2 years ago
nigelx has been awarded the disclosure bounty
The fix bounty is now up for grabs
Dirk Farin marked this as fixed in 1.0.8 with commit 8e89fe 2 years ago
Dirk Farin has been awarded the fix bounty
to join this conversation