Buffer over-read in function mhas_dmx_process (filters/reframe_mhas.c) in gpac/gpac

Valid

Reported on

Feb 12th 2023


Version

➜  gcc git:(master) ✗ ./MP4Box -version                  
MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
        GPAC Filters: https://doi.org/10.1145/3339825.3394929
        GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer --verbose
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_PNG GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D 

Proof of Concept

➜  gcc git:(master) ✗ ./MP4Box -info mhas_dmx_process_poc
filters/reframe_mhas.c:625:25: runtime error: index 30 out of bounds for type 'u32 [28]'

Reproduce

./configure --enable-sanitizer --enable-debug
make
./MP4Box -info ./mhas_dmx_process_poc
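The sanitizer line in the proof of concept says an index of 30 was used on a 28-entry u32 array. The C below is an added illustration, not GPAC's code and not the actual logic at reframe_mhas.c:625: it shows the general shape of that bug class, where a table index is taken from an untrusted bitstream field whose value range exceeds the table size, next to the bounds check that rejects it. The 5-bit field, the one-byte header layout, the table contents and the function names are all constructed assumptions for the example; only the table size (28) and the offending index (30) come from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef uint32_t u32;

/* Same size as the 'u32 [28]' named in the sanitizer report. */
#define TABLE_ENTRIES 28

/* Constructed lookup table; the values are arbitrary sample data. */
static const u32 sample_table[TABLE_ENTRIES] = {
    100, 101, 102, 103, 104, 105, 106, 107, 108, 109,
    110, 111, 112, 113, 114, 115, 116, 117, 118, 119,
    120, 121, 122, 123, 124, 125, 126, 127
};

/* Read a 5-bit unsigned field (MSB first) at bit offset 'bitpos'.
   Returns 1 on success, 0 if the field would run past the buffer.
   A 5-bit field can carry 0..31, i.e. more values than the table has rows;
   that mismatch is the assumed origin of an index such as 30. */
static int read_bits5(const uint8_t *buf, size_t len, size_t bitpos, u32 *val)
{
    u32 v = 0;
    for (int i = 0; i < 5; i++) {
        size_t b = bitpos + (size_t)i;
        if (b / 8 >= len) return 0;               /* bounds check on the input */
        v = (v << 1) | ((buf[b / 8] >> (7 - (b % 8))) & 1u);
    }
    *val = v;
    return 1;
}

/* Unchecked lookup: the index is used as parsed. With idx >= 28 this reads
   past the end of the array, which is the over-read UBSan flagged above.
   Kept here only to show the vulnerable shape; it is never called. */
u32 lookup_unchecked(u32 idx)
{
    return sample_table[idx];
}

/* Hardened lookup: refuse any index the table cannot hold.
   Returns 0 on success, -1 for an out-of-range index. */
int lookup_checked(u32 idx, u32 *out)
{
    if (idx >= TABLE_ENTRIES) return -1;
    *out = sample_table[idx];
    return 0;
}

/* Parse a constructed one-byte header whose top 5 bits carry the table index.
   Returns 0 and writes *out on success, -1 on a short buffer or bad index. */
int parse_header(const uint8_t *buf, size_t len, u32 *out)
{
    u32 idx;
    if (!read_bits5(buf, len, 0, &idx)) return -1;
    return lookup_checked(idx, out);
}

int main(void)
{
    /* Constructed inputs: 0x10 encodes index 2; 0xF0 encodes index 30,
       the value from the sanitizer report. */
    const uint8_t good[1] = { 0x10 };
    const uint8_t bad[1]  = { 0xF0 };
    u32 v = 0;

    printf("good: rc=%d value=%u\n", parse_header(good, sizeof good, &v), v);
    printf("bad:  rc=%d (index 30 rejected)\n", parse_header(bad, sizeof bad, &v));
    return 0;
}
```

The point of the checked path is that the bound is enforced at the place the parsed value meets the fixed-size table, not left to the bitstream syntax; a field that can encode 32 values must be validated against a 28-row table before use.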

Impact

An out-of-bounds index into the 28-entry u32 table reads past the end of the array, so the demuxer can crash or continue with an unexpected value, and possibly lead to code execution.

References

https://github.com/gpac/gpac/issues/2398

Status

gpac/gpac maintainer validated this vulnerability
qianshuidewajueji has been awarded the disclosure bounty
gpac/gpac maintainer marked this as fixed in v2.3.0-DEV with commit be9f8d
This vulnerability has been assigned a CVE
gpac/gpac maintainer published this vulnerability