axiomatic-systems / Bento4

Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools

Home Page: http://www.bento4.com


Multiple heap-use-after-free vulnerabilities discovered in Bento4

40ngx opened this issue

Hello, I recently discovered three heap-use-after-free vulnerabilities during fuzz testing of Bento4 using AFL++. They can be triggered by both mp42ts and mp42hls. The environment I use and the crash summary are as follows. Due to the large amount of content, the PoC files and ASAN details are provided at the link below.

Environment

Ubuntu 22.04.2 LTS
gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Ubuntu clang version 14.0.0-1ubuntu1.1

Affected Version

(Bento4 Version 1.6.0.0)
MP4 To MPEG2-TS File Converter - Version 1.3
MP4 To HLS File Converter - Version 1.2

Crash summary

  • AddressSanitizer: heap-use-after-free /root/fuzzing_Bento4/Bento4/Source/C++/Core/Ap4ByteStream.cpp:428:17 in AP4_SubStream::~AP4_SubStream()
  • AddressSanitizer: heap-use-after-free /root/fuzzing_Bento4/Bento4/Source/C++/Core/Ap4Atom.cpp:408:25 in AP4_UnknownAtom::~AP4_UnknownAtom()
  • AddressSanitizer: heap-use-after-free /root/fuzzing_Bento4/Bento4/Source/C++/Core/Ap4Sample.h:99:48 in AP4_Sample::GetOffset() const

Details

https://github.com/40ngx/Bento4-crash
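The three crash signatures above are what remains of an AFL++ crash corpus once each crash is re-run under an ASAN build and bucketed by its AddressSanitizer SUMMARY line (bug class, source location, faulting frame). The POSIX shell helper below is an added example for doing that triage; it is not part of this issue report or of Bento4's own tooling. It assumes ASAN-instrumented mp42ts and mp42hls binaries on PATH (built with `-fsanitize=address -g`), assumes mp42hls accepts `--output-dir` for its playlist output, and the embedded ASAN report it checks itself against is constructed, not captured from the real tools.

```shell
#!/bin/sh
# Added example (not Bento4 code): bucket AFL++ crash files by ASAN signature.
# Assumes an ASAN build of the tools is on PATH, e.g. configured with
#   cmake -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_BUILD_TYPE=Debug ..

# Read an ASAN report on stdin and print a stable signature:
#   "<bug-class> <file:line:col> <frame>"
# The directory prefix of the source path is stripped so reports from different
# checkouts compare equal. Prints nothing when the input has no SUMMARY line.
asan_signature() {
    awk '
        /^SUMMARY: AddressSanitizer:/ {
            # $3 = bug class, $4 = path:line:col, $5 = "in", $6.. = frame
            loc = $4; sub(/.*\//, "", loc)
            fn = ""
            for (i = 6; i <= NF; i++) fn = fn (i > 6 ? " " : "") $i
            print $3, loc, fn
            exit
        }'
}

# Re-run one PoC through one tool and print its signature (empty if no ASAN report).
# ASAN writes its report to stderr, so stderr goes to the pipe and stdout is dropped.
# mp42ts usage is "mp42ts <input.mp4> <output.ts>"; the mp42hls --output-dir option
# name is an assumption made for this example.
crash_signature() {
    tool=$1; poc=$2
    case $tool in
        mp42ts)  "$tool" "$poc" /dev/null 2>&1 >/dev/null | asan_signature ;;
        mp42hls) "$tool" --output-dir "$(mktemp -d)" "$poc" 2>&1 >/dev/null | asan_signature ;;
        *) echo "unsupported tool: $tool" >&2; return 1 ;;
    esac
}

# Bucket every AFL++ crash file (named id:000000,sig:..,src:..) in a directory for one tool.
# Output: "<count> <signature>", most frequent first; each distinct line is one bug to report.
bucket_crashes() {
    tool=$1; crash_dir=$2
    for f in "$crash_dir"/id:*; do
        [ -f "$f" ] || continue
        sig=$(crash_signature "$tool" "$f")
        [ -n "$sig" ] && printf '%s\t%s\n' "$sig" "$f"
    done | cut -f1 | sort | uniq -c | sort -rn
}

# Constructed ASAN report fragment (not real tool output) used to exercise asan_signature offline.
SAMPLE_REPORT='==12345==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000000040 at pc 0x000000400000
READ of size 8 at 0x60b000000040 thread T0
    #0 0x55d1 in AP4_SubStream::~AP4_SubStream() /root/fuzzing_Bento4/Bento4/Source/C++/Core/Ap4ByteStream.cpp:428:17
SUMMARY: AddressSanitizer: heap-use-after-free /root/fuzzing_Bento4/Bento4/Source/C++/Core/Ap4ByteStream.cpp:428:17 in AP4_SubStream::~AP4_SubStream()'

sample_signature() { printf '%s\n' "$SAMPLE_REPORT" | asan_signature; }

# Typical use: bucket_crashes mp42ts ./afl_out/default/crashes
```

Bucketing on the SUMMARY line rather than the full stack trace is deliberate: the same use-after-free usually surfaces through several different call chains, and collapsing them onto the faulting frame is what turns hundreds of AFL++ crash files into a short list like the three entries in this report.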