Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integer overflow issue in isomedia/box_code_base.c:413 #2652

Closed
xiaoxiaoafeifei opened this issue Oct 19, 2023 · 1 comment
Closed

Integer overflow issue in isomedia/box_code_base.c:413 #2652

xiaoxiaoafeifei opened this issue Oct 19, 2023 · 1 comment

Comments

@xiaoxiaoafeifei
Copy link
Contributor

[Y] I looked for a similar issue and couldn't find any.
[Y] I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
[Y] I give enough information for contributors to reproduce my issue

Description
There is a integer overflow issue in isomedia/box_code_base.c:413

System info
Ubuntu 22.04.2 LTS
GPAC-2.2.1

Build command
./configure --enable-sanitizer && make

crash command
/usr/local/bin/MP4Box -saf -diod poc

poc_file:
poc.zip

Crash output:
isomedia/box_code_base.c:413:29: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself

@xiaoxiaoafeifei
Copy link
Contributor Author

[AFFECTED AND/OR FIXED VERSION(S)]
AFFECTED VERSION: gpac - version <= 2.2.1
FIXED VERSION: current master branch
(patch: a40a3b7 and 613dbc5)

[PROBLEM TYPE] – must contain at least one: Vulnerability Type, Root Cause, or Impact:
Vulnerability Type: Integer Overflow
Impact: Denial of Service

[DESCRIPTION]
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the ctts_box_read function of file src/isomedia/box_code_base.c.

This issue was assigned CVE-2023-47465

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant