buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039
Version info
latest version atm
MP4Box - GPAC version 2.1-DEV-rev644-g5c4df2a67-master
(c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --enable-sanitizer
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
Reproduce
compile and run
./configure --enable-sanitizer
make
./MP4Box import -cat poc_bof10.mp4
Crash reported by sanitizer
[Core] exp-golomb read failed, not enough bits in bitstream !
[HEVC] Error parsing NAL unit type 33
[HEVC] Error parsing Sequence Param Set
[HEVC] Error parsing NAL unit type 32
[HEVC] 8 layers in VPS but only 4 supported in GPAC
[HEVC] Error parsing NAL unit type 32
[HEVC] Error parsing Video Param Set
[HEVC] Error parsing NAL unit type 33
Track Importing HEVC - Width 1 Height 6 FPS 488447261/488447261
[HEVC] Error parsing NAL unit type 390)
[HEVC] SEI user message type 249 size error (109 but 15 remain), skipping SEI message
media_tools/av_parsers.c:8039:32: runtime error: index 4 out of bounds for type 'u8 [4]'
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Description
buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039
Version info
latest version atm
Reproduce
compile and run
Crash reported by sanitizer
POC
poc_bof10.zip
Impact
Potentially causing DoS and RCE
Credit
Xdchase
The text was updated successfully, but these errors were encountered: