Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer overflow in filters/load_text.c:353:14 #2386

Closed
3 tasks done
xxy1126 opened this issue Feb 2, 2023 · 2 comments
Closed
3 tasks done

Buffer overflow in filters/load_text.c:353:14 #2386

xxy1126 opened this issue Feb 2, 2023 · 2 comments

Comments

@xxy1126
Copy link

xxy1126 commented Feb 2, 2023

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/

version

MP4Box - GPAC version 2.3-DEV-rev35-gbbca86917-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
        GPAC Filters: https://doi.org/10.1145/3339825.3394929
        GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer --enable-debug
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D

reproduce

complie and run

./configure --enable-sanitizer
make
./MP4Box -info poc

information

filters/load_text.c:353:14: runtime error: index 2048 out of bounds for type 'char [2048]'

poc

https://github.com/xxy1126/Vuln/blob/main/gpac/1.mp4

@xxy1126 xxy1126 changed the title Buffer overflow Buffer overflow in filters/load_text.c:353:14 Feb 2, 2023
@aureliendavid
Copy link
Member

Hi,

thanks for the report, should be fixed in the above commit

reopen if needed

@stevebeattie
Copy link

This issue was assigned CVE-2023-1452.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants