NULL Pointer Dereference in axiomatic-systems/bento4

Valid

Reported on

May 12th 2021


✍️ Description

NULL pointer dereference in Ap4StszAtom.cpp, in the function GetSampleSize.

🕵️‍♂️ Proof of Concept

Verification steps:

1. Get the source code of Bento4.
2. Compile Bento4 with AddressSanitizer enabled:

$ cd Bento4
$ mkdir check_build && cd check_build
$ cmake ../ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"
$ make -j 32

3. Run mp42aac on the PoC file:

$ ./mp42aac poc.mp4 /dev/null
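As an added triage aid (example code, not part of this report and not Bento4's own code), the following POSIX shell snippet classifies the AddressSanitizer report produced by a run such as the one above, so a reviewer can tell a NULL pointer dereference (fault address in the unmapped zero page) from a genuine out-of-bounds access. The function names `classify_asan_report` and `triage_input` and the sample report text embedded in the script are constructed here for illustration; the real sanitizer output from poc.mp4 is not reproduced on this page.

```shell
#!/bin/sh
# Added example, not part of the huntr report or of Bento4's code base.
# Reads an AddressSanitizer report and classifies the crash so a triager
# can separate a NULL pointer dereference (fault address in the zero page)
# from an actual out-of-bounds access, which matters when assessing impact.

classify_asan_report() {
    # Input: sanitizer output on stdin.
    # Output: one of null-deref | heap-overflow | other-segv | no-asan-report
    report=$(cat)
    case "$report" in
        *"AddressSanitizer: heap-buffer-overflow"*)
            echo heap-overflow; return 0 ;;
        *"AddressSanitizer: SEGV on unknown address"*)
            ;;  # fall through to the address check below
        *)
            echo no-asan-report; return 0 ;;
    esac
    # Pull the faulting address out of the SEGV line (first match only).
    addr=$(printf '%s\n' "$report" \
        | sed -n 's/.*SEGV on unknown address 0x\([0-9a-fA-F]*\).*/\1/p' \
        | head -n 1)
    if [ -z "$addr" ]; then
        echo other-segv; return 0
    fi
    # Drop leading zeros; at most three hex digits left means the address is
    # below 0x1000, i.e. inside the unmapped zero page. A NULL pointer plus a
    # small field offset (e.g. 0x8) still lands there, so this is the usual
    # signature of dereferencing a NULL object pointer.
    short=$(printf '%s' "$addr" | sed 's/^0*//')
    if [ ${#short} -le 3 ]; then
        echo null-deref
    else
        echo other-segv
    fi
}

# Run a sanitizer-instrumented binary on one input and classify the result.
# Usage: triage_input ./mp42aac poc.mp4 /dev/null
triage_input() {
    # abort_on_error makes ASan stop at the first report; stdout is discarded
    # so only the sanitizer's stderr reaches the classifier.
    ASAN_OPTIONS="abort_on_error=1:symbolize=1" "$@" 2>&1 >/dev/null \
        | classify_asan_report
}

# Constructed sample reports (shape only; not the real output from poc.mp4).
SAMPLE_NULL_REPORT='==12345==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000004a1b2c bp 0x7ffd00000000 sp 0x7ffd00000000 T0)
==12345==The signal is caused by a READ memory access.
==12345==Hint: address points to the zero page.
    #0 0x4a1b2c in GetSampleSize Ap4StszAtom.cpp:<line>'

SAMPLE_OVERFLOW_REPORT='==12346==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x4b2c3d bp 0x7ffd00000000 sp 0x7ffd00000000
READ of size 4 at 0x602000000018 thread T0'

# Stand-alone demonstration on the constructed samples: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_NULL_REPORT" | classify_asan_report       # null-deref
    printf '%s\n' "$SAMPLE_OVERFLOW_REPORT" | classify_asan_report   # heap-overflow
fi
```

The zero-page threshold rather than an exact comparison with 0x0 is deliberate: a NULL object pointer is usually dereferenced through a member at a small offset, so the faulting address is a few bytes above zero, not zero itself. A fault at a high address with no ASan-specific error class is left as `other-segv` for manual inspection.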

💥 Impact

This vulnerability can cause a denial of service (DoS): a crafted MP4 file crashes the parsing process.

References:

https://github.com/axiomatic-systems/Bento4/issues/602
Jamie Slome
3 years ago

Admin


Duplicate to https://huntr.dev/bounties/1-other-axiomatic-systems/Bento4/ ?

Dimitry Ishenko
3 years ago

Maintainer


@Jamie No, this is not a duplicate. I've submitted fixes for both. Thanks for reporting.

Jamie Slome
3 years ago

Admin


@Super - thanks for the heads up. Feel free to confirm the fix when you are happy. You will only be able to select a single one, so I would recommend just making sure when you confirm the fix, that you select the commit SHA that reflects both fixes in your repository.

Dimitry Ishenko marked this as fixed with commit f69a9c 2 years ago
Dimitry Ishenko has been awarded the fix bounty
This vulnerability will not receive a CVE