heap overflow in mp4v2::impl::MP4Integer32Property::Read #20
Comments
poc:

This was assigned CVE-2018-14446.

Thank you for reporting this! We are looking into it.

It has come to our attention that there are a number of CVEs assigned to mp4v2. All of these reference a CPE of a:techsmith:mp4v2. I believe this was an educated guess by NIST as to the owner of the mp4v2 code. After all, if you search for mp4v2 this repository shows up in the results first. @jinyu00 was the only one to have logged an issue against our fork specifically. I want to make it clear to the community that this repository is a fork of https://code.google.com/archive/p/mp4v2/. We have made some changes on top of it for our own purposes and they remain open source. Our fork here is certainly vulnerable to these issues which we intend to resolve, but I'm sure most binary distributions of this library are not built off of this fork and will need to implement their own fixes and version appropriately. We will be editing the readme to clarify the nature of this fork going forward.

When opening a crafted mp4 file, the program could trigger a heap overflow. This could overwrite the vtable ptr, and then it enters mp4v2::impl::MP4TableProperty::ReadEntry and uses the vtable, and then the program crashes. The gdb output is below:
As you can see, the program crashes in
Now $rcx = 0xdeadbeef, which is under our control.
fuzz log