Mageia Bugzilla – Attachment 11546 Details for
Bug 26131
gpac new security issues CVE-2018-21015, CVE-2018-21016, CVE-2019-13618, CVE-2019-20161, CVE-2019-20162, CVE-2019-20163, CVE-2019-20165, CVE-2019-20170, CVE-2019-20171, CVE-2019-20208
Summary of PoC tests for gpac
poctests (text/plain), 6.84 KB, created by Len Lawrence on 2020-03-09 13:15:58 CET
mga7, x86_64

*Before updates*

CVE-2018-21015
https://github.com/gpac/gpac/issues/1179
https://github.com/Marsman1996/pocs/blob/master/gpac/poc12-SEGV
$ MP4Box -diso poc12-SEGV
[iso file] Unknown box type m.ov
[iso file] Box "mvhd" is invalid in container m.ov
[iso file] Read Box type .... (0x00000001) has size 0 but is not at root/file level, skipping
Segmentation fault (core dumped)

CVE-2018-21016
https://github.com/gpac/gpac/issues/1180
https://github.com/Marsman1996/pocs/blob/master/gpac/poc14-heapoverflow
$ MP4Box -diso poc14-heapoverflow
[iso file] Unknown box type momv
[iso file] Box "mvhd" is invalid in container momv
[...]
[iso file] Incomplete file while reading for dump - aborting parsing
free(): double free detected in tcache 2
Aborted (core dumped)

CVE-2019-13618
https://github.com/gpac/gpac/issues/1250
http://blog.topsec.com.cn/gpac-heap-buffer-overflow-in-gf_m2ts_sync/
$ file heap-over-flow.zip
heap-over-flow.zip: RAR archive data, v5
Failed to extract this file - tried unzip, unrar and engrampa. No-go.

CVE-2019-20161
https://github.com/gpac/gpac/issues/1320
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/POC-ReadGF_IPMPX_WatermarkingInit
$ file POC-ReadGF_IPMPX_WatermarkingInit
POC-ReadGF_IPMPX_WatermarkingInit: ISO Media, MP4 v2 [ISO 14496-14]
$ MP4Box -diso POC-ReadGF_IPMPX_WatermarkingInit
[ODF] Error reading descriptor (tag 11 size 64): Invalid MPEG-4 Descriptor
[iso file] Read Box "esds" failed (Invalid MPEG-4 Descriptor) - skipping
Error opening file POC-ReadGF_IPMPX_WatermarkingInit: Invalid MPEG-4 Descriptor
<This could mean that the issue had already been fixed>

CVE-2019-20162
https://github.com/gpac/gpac/issues/1327
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-gf_isom_box_parse_ex
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-gf_isom_box_parse_ex-2
$ MP4Box -diso POC-new-gf_isom_box_parse_ex
Segmentation fault (core dumped)
$ MP4Box -diso POC-new-gf_isom_box_parse_ex-2
Segmentation fault (core dumped)

CVE-2019-20163
https://github.com/gpac/gpac/issues/1335
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-gf_odf_avc_cfg_write_bs
$ MP4Box -diso POC-new-gf_odf_avc_cfg_write_bs
[iso file] Read Box type .... (0x00000001) has size 0 but is not at root/file level, skipping
Segmentation fault (core dumped)

CVE-2019-20165
https://github.com/gpac/gpac/issues/1338
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-ilst_item_Read
$ MP4Box -diso POC-new-ilst_item_Read
[iso file] Read Box type data (0x64617461) has size 0 but is not at root/file level, skipping
Segmentation fault (core dumped)

CVE-2019-20170
https://github.com/gpac/gpac/issues/1328
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-GF_IPMPX_AUTH_Delete
$ MP4Box -diso POC-new-GF_IPMPX_AUTH_Delete
[iso file] Unknown box type wide
[ODF] Error reading descriptor (tag 11 size 127): BitStream Not Compliant
[iso file] Read Box "esds" failed (BitStream Not Compliant) - skipping
Error opening file POC-new-GF_IPMPX_AUTH_Delete: BitStream Not Compliant
<Could be patched already>

CVE-2019-20171
https://github.com/gpac/gpac/issues/1337
$ MP4Box -diso POC-new-memory-leak
[iso file] Box "metx" size 15 invalid (read 25)
[iso file] Box "abst" size 24 invalid (read 104)
[iso file] Incomplete box abst
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Box "metx" size 15 invalid (read 25)
[iso file] Box "abst" size 24 invalid (read 104)
[iso file] Incomplete file while reading for dump - aborting parsing
Truncated file - missing 24 bytes
Error opening file POC-new-memory-leak: IsoMedia File is truncated
<Maybe handled already>

CVE-2019-20208
https://github.com/gpac/gpac/issues/1348
https://github.com/gutiniao/afltest/blob/master/011-stack-dimC_Read1000
$ MP4Box -diso 011-stack-dimC_Read1000
[isom] not enough bytes in box dimC: 244 left, reading 1526 (file isomedia/box_code_3gpp.c, line 1004)
*** stack smashing detected ***: <unknown> terminated
Aborted (core dumped)

Enabled tainted updates testing and updated the three packages.

*After updates*

CVE-2018-21015
$ MP4Box -diso poc12-SEGV
[...]
Truncated file - missing 0 bytes
Error opening file poc12-SEGV: IsoMedia File is truncated
<Good result>

CVE-2018-21016
$ MP4Box -diso poc14-heapoverflow
<The output looked just like the previous test including the Abort so this one is not fixed>

CVE-2019-13618
Skipped this because of the problem retrieving the PoC file.

CVE-2019-20161
$ MP4Box -diso POC-ReadGF_IPMPX_WatermarkingInit
[ODF] Error reading descriptor (tag 11 size 64): Invalid MPEG-4 Descriptor
[iso file] Read Box "esds" failed (Invalid MPEG-4 Descriptor) - skipping
Error opening file POC-ReadGF_IPMPX_WatermarkingInit: Invalid MPEG-4 Descriptor
<Good result, confirming earlier conclusion>

CVE-2019-20162
$ MP4Box -diso POC-new-gf_isom_box_parse_ex
[iso file] Incomplete box tref
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Incomplete file while reading for dump - aborting parsing
Truncated file - missing 405 bytes
Error opening file POC-new-gf_isom_box_parse_ex: IsoMedia File is truncated
$ MP4Box -diso POC-new-gf_isom_box_parse_ex-2
[iso file] Incomplete box tref
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Incomplete file while reading for dump - aborting parsing
Truncated file - missing 405 bytes
Error opening file POC-new-gf_isom_box_parse_ex-2: IsoMedia File is truncated
<Good result>

CVE-2019-20163
$ MP4Box -diso POC-new-gf_odf_avc_cfg_write_bs
[iso file] Read Box type .... (0x00000001) has size 0 but is not at root/file level, skipping
[iso file] Box "avc1" is larger than container box
[iso file] Box "stsd" size 162 invalid (read 418)
[iso file] Box "svcC" is invalid in container stbl
[iso file] Read Box type .... (0x00000001) has size 0 but is not at root/file level, skipping
<No segfault>

CVE-2019-20165
$ MP4Box -diso POC-new-ilst_item_Read
[iso file] Read Box type data (0x64617461) has size 0 but is not at root/file level, skipping
[iso file] Read Box "----" failed (Invalid IsoMedia File) - skipping
Error opening file POC-new-ilst_item_Read: Invalid IsoMedia File
<Good, no segfault>

CVE-2019-20170
$ MP4Box -diso POC-new-GF_IPMPX_AUTH_Delete
<Returns same diagnostic messages - confirmed fixed>

CVE-2019-20171
$ MP4Box -diso POC-new-memory-leak
<Same messages - confirms that the bug had already been squashed>

CVE-2019-20208
$ MP4Box -diso 011-stack-dimC_Read1000
[isom] not enough bytes in box dimC: 244 left, reading 1024 (file isomedia/box_code_3gpp.c, line 1004)
[iso file] Read Box "dimC" failed (Invalid IsoMedia File) - skipping
Error opening file 011-stack-dimC_Read1000: Invalid IsoMedia File
<Good result - not aborting>

Most of the issues are confirmed as fixed, one we can say nothing about and CVE-2018-21016 probably still needs to be addressed.
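
The before/after comparison made by hand in the notes above can be scripted on exit status instead of on the printed messages. This is an added example, not part of the attachment or of any Mageia QA tooling; the function names are hypothetical, and the signal numbers assume Linux and `MP4Box` on `PATH`.

```shell
#!/bin/sh
# Added example (not from the attachment): classify how a parser exits on each
# sample, then compare a run made before the update with one made after it.

# run_status CMD [ARGS...] -> print CMD's exit status; its output is discarded.
run_status() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# classify STATUS -> crash:<signal> | not-run | clean
# A shell reports death by signal as 128 + signal number (Linux numbers assumed).
classify() {
    if [ "$1" -gt 128 ]; then
        case $(( $1 - 128 )) in
            6)  echo "crash:SIGABRT" ;;   # abort(): glibc double-free and stack-protector checks
            11) echo "crash:SIGSEGV" ;;
            *)  echo "crash:signal$(( $1 - 128 ))" ;;
        esac
    elif [ "$1" -eq 126 ] || [ "$1" -eq 127 ]; then
        echo "not-run"                   # command missing or not executable
    else
        echo "clean"                     # ordinary exit, including a reported parse error
    fi
}

# verdict BEFORE AFTER -> conclusion for one sample from its two classifications.
verdict() {
    case "$1/$2" in
        crash:*/clean)   echo "fixed" ;;
        crash:*/crash:*) echo "not fixed" ;;
        clean/clean)     echo "not reproduced (possibly fixed earlier)" ;;
        clean/crash:*)   echo "regression" ;;
        *)               echo "inconclusive" ;;
    esac
}

# record SAMPLE... -> one "sample<TAB>classification" line per file.
# Assumes MP4Box is on PATH; -diso is the invocation used in the notes above.
record() {
    for sample in "$@"; do
        printf '%s\t%s\n' "$sample" "$(classify "$(run_status MP4Box -diso "$sample")")"
    done
}

# When given file names, record them (redirect to before.tsv / after.tsv).
if [ "$#" -gt 0 ]; then record "$@"; fi
```

Run it once before and once after updating the packages, redirecting each run to its own file, then pass each sample's pair of classifications to `verdict`.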