Division by zero in scene_manager/swf_svg.c, filters/dasher.c, filters/mux_isom.c and scene_manager/swf_parse.c in gpac/gpac

Valid

Reported on

Aug 29th 2023


Description

Division by zero in MP4Box.

Version

$ ./bin/gcc/MP4Box -version
MP4Box - GPAC version 2.3-DEV-revrelease
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
    GPAC Filters: https://doi.org/10.1145/3339825.3394929
    GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D

Reproduce

Compile and run

./configure --enable-sanitizer
make

Proof of Concept

./bin/gcc/MP4Box -info ./crash000002

./bin/gcc/MP4Box -dash 1000 ./crash000006

./bin/gcc/MP4Box -dash 1000 ./crash000032

./bin/gcc/MP4Box -dash 1000 ./crash000054

./bin/gcc/MP4Box -dash 1000 ./crash000292

./bin/gcc/MP4Box -dash 1000 ./crash000241

crash000002 is here

crash000006 is here

crash000032 is here

crash000054 is here

crash000292 is here

crash000241 is here

Crash000002 Info

information reported by sanitizer

$ ./bin/gcc/MP4Box -info ./crash000002
SWF Import - Scene Size 29.1x-31 - 2048 frames @ 0 FPS
[TXTIn] swf -> svg not fully migrated, using SWF flags 0 and no flatten angle. Patch welcome
[SWF Parsing] Tag UnknownTag (0x1c9) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1f0) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x375) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x336) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x30a) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1e0) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x79) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x17b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x217) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xaa) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x311) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x9e) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3d7) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x233) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x300) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x11d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x10c) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x21d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x349) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1c3) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1cf) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1f0) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xcd) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2e2) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x245) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x329) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x10a) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x305) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x7f) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2f7) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x174) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1ca) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xf8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x4a) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x267) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x79) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x109) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x348) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xb1) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x382) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x160) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x29f) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x13c) not implemented - skipping (frame 1)
scene_manager/swf_svg.c:460:92: runtime error: division by zero

Crash000006 Info

information reported by sanitizer

$ ./bin/gcc/MP4Box -dash 1000 ./crash000006
[AVIDmx] Video format >JPG not natively supported, signaling as is
[Dasher] No template assigned, using $File$_dash$FS$$Number$
[Dasher] No bitrate property assigned to PID crash000006, computing from bitstream
[RFC6381] Codec parameters not known, cannot set codec string
[MP4Mux] No timescale specified, guessing from media: 1000
[MP4Mux] muxing unknown codec ID Codec Not Supported, using generic sample entry with 4CC ">JPG"
filters/dasher.c:7616:34: runtime error: division by zero

Crash000032 Info

information reported by sanitizer

$ ./bin/gcc/MP4Box -dash 1000 ./crash000032
[Dasher] No template assigned, using $File$_dash$FS$$Number$
Unsupported cicp audio layout value 41
[RFC6381] Cannot find MPEG-H Audio Config or audio PL, defaulting to profile 0x01
[Dasher] Representation not initialized, dropping non-SAP1/2 packet CTS 0/40000
Unsupported cicp audio layout value 41
Unsupported cicp audio layout value 41
Unknown CICP mapping for channel config 31/0.0
[RFC6381] Cannot find MPEG-H Audio Config or audio PL, defaulting to profile 0x01
[Dasher] PID audio config changed during active period, forcing period switch
filters/dasher.c:7217:49: runtime error: division by zero

Crash000054 Info

information reported by sanitizer

$ ./bin/gcc/MP4Box -dash 1000 ./crash000054
[Dasher] No template assigned, using $File$_dash$FS$$Number$
Unsupported cicp audio layout value 60
[RFC6381] Cannot find MPEG-H Audio Config or audio PL, defaulting to profile 0x01
[MP4Mux] No timescale specified, guessing from media: 0
[Dasher] Representation not initialized, dropping non-SAP1/2 packet CTS 0/0
[Dasher] Representation not initialized, dropping non-SAP1/2 packet CTS 768/0
Unknown CICP mapping for channel config 22/0.0
[RFC6381] Cannot find MPEG-H Audio Config or audio PL, defaulting to profile 0x01
filters/mux_isom.c:7144:62: runtime error: division by zero

Crash000292 Info

information reported by sanitizer

$ ./bin/gcc/MP4Box -dash 1000 ./crash000292
SWF Import - Scene Size 29.1x-30.65 - 512 frames @ 0 FPS
[TXTIn] swf -> svg not fully migrated, using SWF flags 0 and no flatten angle. Patch welcome
[Dasher] No template assigned, using $File$_dash$FS$$Number$
[Dasher] No bitrate property assigned to PID crash000292, computing from bitstream
[SWF Parsing] Tag UnknownTag (0x1a4) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1bd) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3b8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xd8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x267) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1d1) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x173) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x19) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x165) not implemented - skipping (frame 1)
[SWF Parsing] Tag NameCharacter (0x28) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x199) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x17c) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xac) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x284) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1b9) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3d3) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x80) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3a3) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xc0) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1c8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2f4) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2cc) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x135) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x50) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1ba) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x53) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3d1) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1b8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x326) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xb9) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2f4) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x395) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1fc) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x7b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x150) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3dc) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x200) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2ef) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3be) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2de) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x75) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x19) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1b2) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x223) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x6b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x7f) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x13d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x97) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1f9) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3f5) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x208) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x330) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x38b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x17c) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x328) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x251) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x254) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3fe) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1b7) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1f8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x21d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x386) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x12a) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x397) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x11b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2ec) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x62) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x230) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2bf) not implemented - skipping (frame 1)
[SWF Parsing] Tag ImportAssets (0x39) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x152) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x206) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3e7) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x17d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x79) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x72) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3a9) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x257) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3bd) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x22d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x27c) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3ae) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x156) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x351) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2e9) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x38e) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x342) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x201) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x27d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x49) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x234) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x332) not implemented - skipping (frame 1)
[SWF Parsing] Tag MX4 (0x3f) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x8c) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x22b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x306) not implemented - skipping (frame 1)
[SWF Parsing] Tag Generator3 (0x33) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x4b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xe8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2da) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x307) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2c4) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xd8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x36d) not implemented - skipping (frame 1)
[SWF Parsing] Tag MX1 (0x3c) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1ab) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xa3) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x26d) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1fe) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x5e) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xcd) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x162) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3d7) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xf7) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x101) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1bd) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x237) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3de) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x38b) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x271) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x142) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xe6) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x10e) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1a8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x14e) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x39a) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x255) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2ef) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x165) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x139) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x153) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x137) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xac) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x92) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2ef) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x332) not implemented - skipping (frame 1)
[SWF Parsing] tag PlaceObject2 over-read of 27 bytes (size 9) (frame 1)
[SWF Parsing] Tag UnknownTag (0x3e6) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xba) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3a8) not implemented - skipping (frame 1)
[SWF Parsing] bitstream IO err (tag size 42) (frame 1)
[SWF Parsing] Tag UnknownTag (0x207) not implemented - skipping (frame 1)
scene_manager/swf_parse.c:2018:38: runtime error: division by zero

Crash000241 Info

information reported by sanitizer

$ ./bin/gcc/MP4Box -dash 1000 ./crash000241
SWF Import - Scene Size 37.7x-30.65 - 512 frames @ 0 FPS
[TXTIn] swf -> svg not fully migrated, using SWF flags 0 and no flatten angle. Patch welcome
[Dasher] No template assigned, using $File$_dash$FS$$Number$
[Dasher] No bitrate property assigned to PID crash000241, computing from bitstream
[SWF Parsing] Tag UnknownTag (0x1a4) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1bd) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x12f) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x15b) not implemented - skipping (frame 1)
[SWF Parsing] fill_style b8 not supported (frame 1)
[SWF Parsing] fill_style 2c not supported (frame 1)
[SWF Parsing] fill_style 64 not supported (frame 1)
[SWF Parsing] tag DefineShape3 over-read of 242309 bytes (size 23) (frame 1)
[SWF Parsing] Tag UnknownTag (0x218) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0xf5) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x147) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1f5) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3fd) not implemented - skipping (frame 1)
[SWF Parsing] tag DefineFont2 over-read of 87881 bytes (size 19) (frame 1)
[SWF Parsing] Tag UnknownTag (0x72) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x140) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3c0) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x23c) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3e8) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x2a3) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1fe) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x204) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x99) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x141) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x91) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3af) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3b2) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x3db) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x1e6) not implemented - skipping (frame 1)
[SWF Parsing] Tag UnknownTag (0x50) not implemented - skipping (frame 1)
scene_manager/swf_parse.c:1844:23: runtime error: division by zero

Impact

This is capable of causing crashes.
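
Several of the runs above log a zero rate shortly before the sanitizer fires ("2048 frames @ 0 FPS", "guessing from media: 0", "CTS 768/0"). The following is an added example, not GPAC code and not part of the original report: it assumes a file-supplied frame rate or timescale reaches an integer divisor, and shows the unchecked form beside a validated one. The struct, field and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header fields, as a demuxer would read them from an
 * untrusted file. Constructed for illustration; not a GPAC structure. */
typedef struct {
    uint32_t frame_count;
    uint32_t fps; /* frames per second; 0 in a malformed file */
} media_hdr;

/* Unchecked form: integer division by a file-controlled value.
 * With fps == 0 this is undefined behaviour; UBSan reports
 * "runtime error: division by zero" and x86 raises SIGFPE. */
uint64_t duration_ms_unchecked(const media_hdr *h)
{
    return (uint64_t)h->frame_count * 1000 / h->fps;
}

/* Checked form: the divisor is validated at the point of use and the
 * caller gets an error it can turn into "reject this input". */
bool duration_ms_checked(const media_hdr *h, uint64_t *out_ms)
{
    if (!h || !out_ms || h->fps == 0)
        return false;
    *out_ms = (uint64_t)h->frame_count * 1000 / h->fps;
    return true;
}

/* Timestamp rescale (ts * dst_scale / src_scale) with the same guard,
 * plus an overflow check on the multiplication. */
bool rescale_ts(uint64_t ts, uint32_t src_scale, uint32_t dst_scale,
                uint64_t *out)
{
    if (!out || src_scale == 0)
        return false;
    if (dst_scale != 0 && ts > UINT64_MAX / dst_scale)
        return false;
    *out = ts * dst_scale / src_scale;
    return true;
}

int main(void)
{
    /* Constructed inputs: one malformed header, one well-formed. */
    media_hdr bad = { 2048, 0 };
    media_hdr ok = { 2048, 25 };
    uint64_t v = 0;

    if (!duration_ms_checked(&bad, &v))
        puts("malformed header rejected: fps is 0");
    if (duration_ms_checked(&ok, &v))
        printf("duration: %llu ms\n", (unsigned long long)v);
    if (!rescale_ts(768, 0, 1000, &v))
        puts("rescale rejected: source timescale is 0");
    if (rescale_ts(768, 48000, 1000, &v))
        printf("rescaled: %llu ms\n", (unsigned long long)v);
    return 0;
}
```

Checking the divisor where it is used, rather than only where the header is parsed, also covers values that are recomputed or guessed later in the pipeline.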


We are processing your report and will contact the gpac team within 24 hours. 23 days ago
functionmain modified the report
23 days ago
We have contacted a member of the gpac team and are waiting to hear back 22 days ago
gpac/gpac maintainer
22 days ago

Maintainer


https://github.com/gpac/gpac/issues/2576

functionmain modified the report
21 days ago
functionmain
21 days ago

Researcher


I modified the report to include two new divisions by zero located at scene_manager/swf_parse.c

gpac/gpac maintainer
21 days ago

Maintainer


Noted. Thanks.

gpac/gpac maintainer validated this vulnerability 21 days ago
functionmain has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
gpac/gpac maintainer marked this as fixed in 2.3-DEV with commit 460705 21 days ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
gpac/gpac maintainer published this vulnerability 21 days ago