Category Archives: security

graphicsmagick: assertion failure in pixel_cache.c

Description: graphicsmagick is a collection of tools and libraries for many image formats. The complete output of the issue: # gm convert $FILE null gm: magick/pixel_cache.c:1089: const PixelPacket AcquireImagePixels(const Image , const long, const long, const unsigned long, const unsigned … Continue reading

Posted in advisories, security | Leave a comment

bladeenc: global buffer overflow in iteration_loop (loop.c)

Description: bladeenc is an mp3 encoder. There is a write overflow by default without a crafted file in the bladeenc command-line tool. The upstream website does not work anymore for me. The complete ASan output of the issue: # bladeenc … Continue reading

Posted in advisories, security | Leave a comment

bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==4435==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fe62b800e86 at pc 0x00000057b5a3 … Continue reading

Posted in advisories, security | Leave a comment

bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==9052==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fc5ce900866 at pc 0x00000057b5a3 … Continue reading

Posted in advisories, security | Leave a comment

bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==20986==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000174 at pc 0x0000004ee515 … Continue reading

Posted in advisories, security | Leave a comment

bento4: heap-based buffer overflow in AP4_BytesToUInt32BE (Ap4Utils.h)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==1966==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x617000000324 at pc 0x000000690d51 … Continue reading

Posted in advisories, security | Leave a comment

bento4: heap-based buffer overflow in AP4_HdlrAtom::AP4_HdlrAtom (Ap4HdlrAtom.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==10603==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000af at pc 0x000000622588 … Continue reading

Posted in advisories, security | Leave a comment

bento4: NULL pointer dereference in AP4_StdcFileByteStream::ReadPartial (Ap4StdCFileByteStream.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ASAN:DEADLYSIGNAL ================================================================= ==18215==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 … Continue reading

Posted in advisories, security | Leave a comment

bento4: NULL pointer dereference in AP4_DataAtom::~AP4_DataAtom (Ap4MetaData.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ASAN:DEADLYSIGNAL ================================================================= ==11595==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 … Continue reading

Posted in advisories, security | Leave a comment

bento4: NULL pointer dereference in AP4_AtomSampleTable::GetSample (Ap4AtomSampleTable.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ASAN:DEADLYSIGNAL ================================================================= ==6365==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 … Continue reading

Posted in advisories, security | Leave a comment