Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

buffer overflow in QuickTimeVideo::userDataDecoder #2377

Closed
kevinbackhouse opened this issue Oct 8, 2022 · 0 comments · Fixed by #2378
Closed

buffer overflow in QuickTimeVideo::userDataDecoder #2377

kevinbackhouse opened this issue Oct 8, 2022 · 0 comments · Fixed by #2378
Assignees
@kevinbackhouse
Labels
bug OSS-Fuzz Bug reported by https://google.github.io/oss-fuzz/

Comments

@kevinbackhouse
Copy link
Collaborator

Reported by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053

There is an out-of-bounds write here:

exiv2/src/quicktimevideo.cpp

Line 832 in a2cb06a

io_->readOrThrow(buf.data(), size - 8);

The problem is that buf might be smaller than size - 8.

quicktimevideo.cpp is a new file, so this bug doesn't affect any released versions of exiv2.

poc: https://user-images.githubusercontent.com/4358136/194719660-df2e62c2-1c91-4c12-a330-6988785a1a72.mp4

To reproduce:

exiv2 poc.mp4

(Causes exiv2 to crash.)
@kevinbackhouse kevinbackhouse added bug OSS-Fuzz Bug reported by https://google.github.io/oss-fuzz/ labels Oct 8, 2022
@kevinbackhouse kevinbackhouse self-assigned this Oct 8, 2022
@kevinbackhouse kevinbackhouse mentioned this issue Oct 8, 2022
Merged
@kevinbackhouse kevinbackhouse linked a pull request Oct 8, 2022 that will close this issue
Fix bugs in QuickTimeVideo::userDataDecoder #2378
Merged
@nehaljwani nehaljwani mentioned this issue Apr 30, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kevinbackhouse kevinbackhouse

Labels
bug OSS-Fuzz Bug reported by https://google.github.io/oss-fuzz/
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix bugs in QuickTimeVideo::userDataDecoder kevinbackhouse/exiv2
1 participant
@kevinbackhouse