Description - We observed that a NULL pointer dereference occurred in function AP4_List<AP4_Track>::Find() located in Ap4List.h. The same can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Command - ./mp4dump --track 1:E791400BC075044176E34136E3C134F35E3513BE430B907B --format text $POC
ASAN: DEADLYSIGNAL
=================================================================
==10246==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x55d0b61aeae7 bp 0x7ffcc696e490 sp 0x7ffcc696e460 T0)
==10246==The signal is caused by a READ memory access.
==10246==Hint: address points to the zero page.
#0 0x55d0b61aeae6 in AP4_List<AP4_Track>::Find(AP4_List<AP4_Track>::Item::Finder const&, AP4_Track*&) const /home/aceteam/Desktop/packages/Bento4/Source/C++/Core/Ap4List.h:428
#1 0x55d0b61adb79 in AP4_Movie::GetTrack(unsigned int) /home/aceteam/Desktop/packages/Bento4/Source/C++/Core/Ap4Movie.cpp:148
#2 0x55d0b6161f2f in DumpTrackData(char const*, AP4_File&, AP4_Array<unsigned int> const&, AP4_ProtectionKeyMap const&) /home/aceteam/Desktop/packages/Bento4/Source/C++/Apps/Mp4Dump/Mp4Dump.cpp:183
#3 0x55d0b616304f in main /home/aceteam/Desktop/packages/Bento4/Source/C++/Apps/Mp4Dump/Mp4Dump.cpp:367
#4 0x7faa6d1a4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#5 0x55d0b61612f9 in _start (/home/aceteam/Desktop/packages/Bento4/builds/mp4dump+0x3082f9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/aceteam/Desktop/packages/Bento4/Source/C++/Core/Ap4List.h:428 in AP4_List<AP4_Track>::Find(AP4_List<AP4_Track>::Item::Finder const&, AP4_Track*&) const
==10246==ABORTING
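Added example (not part of the original report and not Bento4 code): a small triage script that parses an ASAN SEGV report like the one above, classifies the fault from its address and access type, and builds a deduplication key from the top stack frames. The 4 KiB page-size threshold and every function name in the script are assumptions made for this example; the sample input is the header and first two frames of the report above.

```python
import re

PAGE_SIZE = 0x1000  # assumption: 4 KiB pages; faults below this count as near-NULL

# Sample input: header, access line and frames #0-#1 copied from the report above.
REPORT = """\
==10246==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x55d0b61aeae7 bp 0x7ffcc696e490 sp 0x7ffcc696e460 T0)
==10246==The signal is caused by a READ memory access.
    #0 0x55d0b61aeae6 in AP4_List<AP4_Track>::Find(AP4_List<AP4_Track>::Item::Finder const&, AP4_Track*&) const /home/aceteam/Desktop/packages/Bento4/Source/C++/Core/Ap4List.h:428
    #1 0x55d0b61adb79 in AP4_Movie::GetTrack(unsigned int) /home/aceteam/Desktop/packages/Bento4/Source/C++/Core/Ap4Movie.cpp:148
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+ in (.+)\s+(\S+)$")

def parse_report(text):
    """Extract signal, fault address, access type and stack frames."""
    header = HEADER.search(text)
    if header is None:
        raise ValueError("no AddressSanitizer SEGV header found")
    access = ACCESS.search(text)
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            func = m.group(2).split("(")[0]       # drop the argument list
            src = m.group(3).rsplit("/", 1)[-1]   # keep basename:line only
            frames.append((int(m.group(1)), func, src))
    return {
        "signal": header.group(1),
        "address": int(header.group(2), 16),
        "access": access.group(1) if access else "UNKNOWN",
        "frames": frames,
    }

def classify(report):
    """A fault in the first page typically means a field read/write via a NULL base."""
    kind = "null-deref" if report["address"] < PAGE_SIZE else "wild"
    return kind + "-" + report["access"].lower()

def signature(report, depth=2):
    """Dedup key built from function names only, so it is stable across ASLR and rebuilds."""
    funcs = [func for _, func, _ in report["frames"][:depth]]
    return classify(report) + "|" + "|".join(funcs)

if __name__ == "__main__":
    print(signature(parse_report(REPORT)))
```

Keying on function names rather than the pc values lets repeated crashes from a fuzzing run collapse into one bucket per distinct call path.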