You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Crash output:
[iso file] Unknown box type vref in parent dinf
[iso file] Missing dref box in dinf
[iso file] Incomplete box - start 2637
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Unknown box type vref in parent dinf
[iso file] Missing dref box in dinf
[iso file] Incomplete box - start 2637
[iso file] Incomplete file while reading for dump - aborting parsing
MPEG-4 BIFS Scene Parsing
bifs/unquantize.c:298:43: runtime error: shift exponent 4294967295 is too large for 32-bit type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior bifs/unquantize.c:298:43 in
The text was updated successfully, but these errors were encountered:
[AFFECTED AND/OR FIXED VERSION(S)]
AFFECTED VERSION: gpac - version <= 2.2.1
FIXED VERSION: current master branch (patch: #2568)
[PROBLEM TYPE] – must contain at least one: Vulnerability Type, Root Cause, or Impact:
Vulnerability Type: Integer Overflow
Impact: Denial of Service
[DESCRIPTION]
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Description
There is a integer overflow issue in bifs/unquantize.c:298
System info
Ubuntu 22.04.2 LTS
GPAC-2.2.1
Build command
./configure --enable-sanitizer && make
crash command
/usr/local/bin/MP4Box -xmt poc
poc_file:
poc.zip
Crash output:
[iso file] Unknown box type vref in parent dinf
[iso file] Missing dref box in dinf
[iso file] Incomplete box - start 2637
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Unknown box type vref in parent dinf
[iso file] Missing dref box in dinf
[iso file] Incomplete box - start 2637
[iso file] Incomplete file while reading for dump - aborting parsing
MPEG-4 BIFS Scene Parsing
bifs/unquantize.c:298:43: runtime error: shift exponent 4294967295 is too large for 32-bit type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior bifs/unquantize.c:298:43 in
The text was updated successfully, but these errors were encountered: