CVE-2021-36414: heap-buffer-overflow MP4Box

Posted on Apr 4, 2023

CVE-2021-36414

A heap-buffer-overflow occurs when running the program MP4Box, which leads to a Denial of Service caused by dividing by zero without a sanity check. This can be reproduced on the latest commit.

The main problem is a division by zero.

Assigning block_size:

block_size = ent ? ent->sampleDelta : 160;
  • This line uses the conditional (ternary) operator to assign a value to block_size.
  • It checks if ent is not NULL.
    • If ent is valid (i.e., not NULL), block_size is assigned the value of ent->sampleDelta.
    • If ent is NULL, block_size is assigned a default value of 160.

Fix

https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21
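The ternary shown earlier only guards against `ent` being NULL; a non-NULL entry whose `sampleDelta` is 0 still produces a zero divisor. The following is an added example, not code from GPAC or from the linked commit: `struct stts_entry`, `blocks_unchecked`, `blocks_checked` and the `data_size / block_size` division are assumptions used to show the missing sanity check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a time-to-sample entry parsed from the file. */
struct stts_entry {
    uint32_t sampleCount;
    uint32_t sampleDelta;   /* file-controlled, so it can be 0 */
};

/* Pattern described in the post: NULL is handled, a zero sampleDelta is not.
 * Kept for comparison only; with sampleDelta == 0 this divides by zero. */
uint32_t blocks_unchecked(const struct stts_entry *ent, uint32_t data_size)
{
    uint32_t block_size = ent ? ent->sampleDelta : 160;
    return data_size / block_size;
}

/* Hardened form: validate the divisor before using it.
 * Returns 0 and writes *out on success, -1 on a malformed entry. */
int blocks_checked(const struct stts_entry *ent, uint32_t data_size,
                   uint32_t *out)
{
    uint32_t block_size = ent ? ent->sampleDelta : 160;
    if (block_size == 0)
        return -1;          /* reject instead of dividing by zero */
    *out = data_size / block_size;
    return 0;
}

int main(void)
{
    /* Constructed sample entries: one well-formed, one with a zero delta. */
    struct stts_entry good = { 1, 160 };
    struct stts_entry zero = { 1, 0 };
    uint32_t n = 0;

    if (blocks_checked(&good, 640, &n) == 0)
        printf("good entry: %u blocks\n", (unsigned)n);
    if (blocks_checked(NULL, 320, &n) == 0)
        printf("no entry (default 160): %u blocks\n", (unsigned)n);
    if (blocks_checked(&zero, 640, &n) != 0)
        printf("zero sampleDelta: rejected\n");
    return 0;
}
```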

Way of finding

The bug was found through fuzzing.

https://github.com/gpac/gpac/issues/1840