heap-buffer-overflow in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:597 #2105

SuyueGuo · 2024-08-09T10:26:58Z

Summary

A heap-buffer-overflow vulnerability was found in MediaInfo, it may cause arbitrary code execution.

Version

mediainfo --version
MediaInfo Command line, 
MediaInfoLib - v24.06

Details

ASAN output:

=================================================================
==2239452==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000232 at pc 0x7f64f24e02c3 bp 0x7fff8898ac20 sp 0x7fff8898a3c8
WRITE of size 2882 at 0x602000000232 thread T0
    #0 0x7f64f24e02c2 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    MediaArea/MediaInfo#1 0x55cf77dbe957 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
    MediaArea/MediaInfo#2 0x55cf77dbe957 in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:597
    MediaArea/MediaInfo#3 0x55cf780500bc in MediaInfoLib::File__Analyze::Data_Manage() ../../../Source/MediaInfo/File__Analyze.cpp:2810
    MediaArea/MediaInfo#4 0x55cf7805353c in MediaInfoLib::File__Analyze::Buffer_Parse() ../../../Source/MediaInfo/File__Analyze.cpp:1941
    MediaArea/MediaInfo#5 0x55cf78053c87 in MediaInfoLib::File__Analyze::Open_Buffer_Continue_Loop() ../../../Source/MediaInfo/File__Analyze.cpp:1507
    MediaArea/MediaInfo#6 0x55cf78055767 in MediaInfoLib::File__Analyze::Open_Buffer_Continue(unsigned char const*, unsigned long) ../../../Source/MediaInfo/File__Analyze.cpp:1101
    MediaArea/MediaInfo#7 0x55cf7805b367 in MediaInfoLib::File__Analyze::Open_Buffer_Continue(MediaInfoLib::File__Analyze*, unsigned char const*, unsigned long, bool, double) ../../../Source/MediaInfo/File__Analyze.cpp:1448
    MediaArea/MediaInfo#8 0x55cf77d91c7b in MediaInfoLib::File__Tags_Helper::Synched_Test() ../../../Source/MediaInfo/Tag/File__Tags.cpp:367
    MediaArea/MediaInfo#9 0x55cf7777a793 in MediaInfoLib::File__Tags_Helper::FileHeader_Begin() ../../../Source/MediaInfo/Tag/File__Tags.h:73
    MediaArea/MediaInfo#10 0x55cf7777a793 in MediaInfoLib::File_Flv::FileHeader_Begin() ../../../Source/MediaInfo/Multiple/File_Flv.cpp:654
    MediaArea/MediaInfo#11 0x55cf7804ebee in MediaInfoLib::File__Analyze::FileHeader_Manage() ../../../Source/MediaInfo/File__Analyze.cpp:2524
    MediaArea/MediaInfo#12 0x55cf78054047 in MediaInfoLib::File__Analyze::Open_Buffer_Continue_Loop() ../../../Source/MediaInfo/File__Analyze.cpp:1472
    MediaArea/MediaInfo#13 0x55cf78055767 in MediaInfoLib::File__Analyze::Open_Buffer_Continue(unsigned char const*, unsigned long) ../../../Source/MediaInfo/File__Analyze.cpp:1101
    MediaArea/MediaInfo#14 0x55cf76fe1d6e in MediaInfoLib::MediaInfo_Internal::Open_Buffer_Continue(unsigned char const*, unsigned long) ../../../Source/MediaInfo/MediaInfo_Internal.cpp:1721
    MediaArea/MediaInfo#15 0x55cf77d8afde in MediaInfoLib::Reader_File::Format_Test_PerParser_Continue(MediaInfoLib::MediaInfo_Internal*) ../../../Source/MediaInfo/Reader/Reader_File.cpp:766
    MediaArea/MediaInfo#16 0x55cf77d88433 in MediaInfoLib::Reader_File::Format_Test_PerParser(MediaInfoLib::MediaInfo_Internal*, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&) ../../../Source/MediaInfo/Reader/Reader_File.cpp:313
    MediaArea/MediaInfo#17 0x55cf76f96bf6 in MediaInfoLib::MediaInfo_Internal::ListFormats(std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&) ../../../Source/MediaInfo/MediaInfo_File.cpp:882
    MediaArea/MediaInfo#18 0x55cf77d896d6 in MediaInfoLib::Reader_File::Format_Test(MediaInfoLib::MediaInfo_Internal*, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >) ../../../Source/MediaInfo/Reader/Reader_File.cpp:230
    MediaArea/MediaInfo#19 0x55cf7700f15e in MediaInfoLib::MediaInfo_Internal::Entry() ../../../Source/MediaInfo/MediaInfo_Internal.cpp:1416
    MediaArea/MediaInfo#20 0x55cf7700ad7e in MediaInfoLib::MediaInfo_Internal::Open(std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&) ../../../Source/MediaInfo/MediaInfo_Internal.cpp:1172
    MediaArea/MediaInfo#21 0x55cf77030865 in MediaInfoLib::MediaInfoList_Internal::Entry() ../../../Source/MediaInfo/MediaInfoList_Internal.cpp:212
    MediaArea/MediaInfo#22 0x55cf770393a2 in MediaInfoLib::MediaInfoList_Internal::Open(std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, MediaInfoLib::fileoptions_t) ../../../Source/MediaInfo/MediaInfoList_Internal.cpp:148
    MediaArea/MediaInfo#23 0x55cf76f0a70b in main ../../../Source/CLI/CLI_Main.cpp:155
    MediaArea/MediaInfo#24 0x7f64f1f55d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    MediaArea/MediaInfo#25 0x7f64f1f55e3f in __libc_start_main_impl ../csu/libc-start.c:392
    MediaArea/MediaInfo#26 0x55cf76f0f5b4 in _start (/data/fuzz/fuzz-data/target/elf/debug/mediainfo+0x4305b4)

0x602000000232 is located 0 bytes to the right of 2-byte region [0x602000000230,0x602000000232)
allocated by thread T0 here:
    #0 0x7f64f255c357 in operator new[](unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:102
    MediaArea/MediaInfo#1 0x55cf77dbe890 in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:589

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x0c047fff8010: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8020: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8030: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
=>0x0c047fff8040: fa fa fd fd fa fa[02]fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2239452==ABORTING

Poc

heap_overflow_mediainfo.tar.gz

reproduce:

mediainfo heap_overflow_mediainfo

The text was updated successfully, but these errors were encountered:

cjee21 · 2024-08-17T09:18:50Z

Issue in MediaArea/MediaInfoLib?

MediaInfoLib/Source/MediaInfo/Tag/File_Id3v2.cpp

Line 597 in abdbb21

    
           std::memcpy(Buffer_Unsynch+Buffer_Unsynch_Begin, Save_Buffer+Save_Buffer_Offset+Save_Buffer_Begin, Size);

SuyueGuo · 2024-08-18T14:45:18Z

Yes, maybe I should open this issue in MediaArea/MediaInfoLib?

cjee21 · 2024-09-29T15:28:53Z

@JeromeMartinez
Visual Studio's Analysis also found some potential memory-related issues and other issues with MediaInfoLib. I'm not sure if there are any false positives and whether they can actually be encountered in normal use or be exploited. Therefore I didn't open a new issues about this but thought I should let you know in case you haven't known. Below are some examples. More can be seen by executing Analyze > Run Code Analysis > Run Code Analysis on MediaInfoLib in Visual Studio.

Memory-related:

Severity	Code	Description	Project	File	Line	Suppression State	Details
Warning	C6001	Using uninitialized memory 'Buffer_Offset_Current'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Ac4.cpp	1847		
Warning	C6001	Using uninitialized memory 'nonstd_bed_channel_assignment_mask'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_DolbyE.cpp	2403		
Warning	C6001	Using uninitialized memory 'Bitw_Stream_Metadata'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Dts.cpp	1073		
Warning	C6001	Using uninitialized memory 'RefClockCode'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Dts.cpp	1074		
Warning	C6001	Using uninitialized memory 'TimeStamp'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Dts.cpp	1077		
Warning	C6001	Using uninitialized memory 'Num_Frames_Total'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Dts.cpp	1081		
Warning	C6001	Using uninitialized memory 'tnsDataPresent'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	4515		
Warning	C6001	Using uninitialized memory 'tnsDataPresent[BYTE:0]'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	4515		
Warning	C6001	Using uninitialized memory 'num_grid_info'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	4772		
Warning	C6001	Using uninitialized memory 'numQuantSteps'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	5626		
Warning	C6001	Using uninitialized memory 'Compression'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Image\File_Png.cpp	582		
Warning	C6001	Using uninitialized memory 'maxscl'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Multiple\File_Mk.cpp	5452		
Warning	C6001	Using uninitialized memory 'ProfileLevel'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Multiple\File_Mpeg4_Descriptors.cpp	580		
Warning	C6001	Using uninitialized memory 'default_length'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Multiple\File_Mpeg4_Elements.cpp	5142		
Warning	C6001	Using uninitialized memory 'SDTI_TimeCode_StartTimecode_StreamPos_Last'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Multiple\File_Mxf.cpp	3579		
Warning	C6001	Using uninitialized memory 'SystemScheme1_TimeCodeArray_StartTimecode_StreamPos_Last'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Multiple\File_Mxf.cpp	3587		
Warning	C6001	Using uninitialized memory 'End'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Multiple\File_Nsv.cpp	1420		
Warning	C6001	Using uninitialized memory 'seq_level_idx'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Av1.cpp	435		
Warning	C6001	Using uninitialized memory 'maxscl'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Hevc.cpp	3271		
Warning	C6001	Using uninitialized memory 'chrominance_factor'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_ProRes.cpp	332		
Warning	C6001	Using uninitialized memory 'frame_type'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_ProRes.cpp	333		
Warning	C6001	Using uninitialized memory 'primaries'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_ProRes.cpp	336		
Warning	C6001	Using uninitialized memory 'transf_func'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_ProRes.cpp	336		
Warning	C6001	Using uninitialized memory 'colorMatrix'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_ProRes.cpp	336		
Warning	C6001	Using uninitialized memory 'alpha_info'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_ProRes.cpp	345		
Warning	C6001	Using uninitialized memory 'bit_depth'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Vp9.cpp	306		
Warning	C6001	Using uninitialized memory 'colorspace'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Vp9.cpp	307		
Warning	C6001	Using uninitialized memory 'subsampling'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Vp9.cpp	311		
Warning	C6001	Using uninitialized memory 'yuv_range_flag'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Vp9.cpp	312		
Warning	C6001	Using uninitialized memory 'width_minus_one'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Vp9.cpp	316		
Warning	C6001	Using uninitialized memory 'height_minus_one'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Video\File_Vp9.cpp	317

Severity	Code	Description	Project	File	Line	Suppression State	Details
Warning	C6385	Reading invalid data from 's->bl_count'.	zlibstat	\zlib\trees.c	534		
Warning	C6385	Reading invalid data from 's->bl_count'.	zlibstat	\zlib\trees.c	550		
Warning	C6385	Reading invalid data from 'MI_Offsets'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Archive\File_Iso9660.cpp	100		
Warning	C6385	Reading invalid data from 'vDk0'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Aac_GeneralAudio_Sbr.cpp	947		
Warning	C6385	Reading invalid data from 'Aac_ChannelMode'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Aac_Main.cpp	501		
Warning	C6385	Reading invalid data from 'uniDrcConfigExtType_ConfNames'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	2905		
Warning	C6385	Reading invalid data from 'usacConfigExtType_ConfNames'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	3380		
Warning	C6385	Reading invalid data from 'C.sbrHandler.bs_df_noise[ch]'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	4700		
Warning	C6385	Reading invalid data from 'usacExtElementType_Names'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Usac.cpp	5947		
Warning	C6385	Reading invalid data from 'PowersOf10'.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\TimeCode.cpp	511

Severity	Code	Description	Project	File	Line	Suppression State	Details
Warning	C33010	Unchecked lower bound for enum (this->MediaInfoLib::File__Base::StreamKind_Last) used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\File__Analyze_Streams.cpp	773		
Warning	C33010	Unchecked lower bound for enum (this->MediaInfoLib::File__Analyze::StreamSource) used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\File__Analyze_Streams.cpp	1005		
Warning	C33010	Unchecked lower bound for enum StreamKind used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\File__Analyze_Streams.cpp	1061		
Warning	C33010	Unchecked lower bound for enum StreamKind used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\File__Analyze_Streams.cpp	1744		
Warning	C33010	Unchecked lower bound for enum StreamKind used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\File__Analyze_Streams.cpp	1893		
Warning	C33010	Unchecked lower bound for enum Format used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\MediaInfo_Config.cpp	2903		
Warning	C33010	Unchecked lower bound for enum KindOfStream used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\MediaInfo_Config.cpp	2903		
Warning	C33010	Unchecked lower bound for enum Format used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\MediaInfo_Config.cpp	2964		
Warning	C33010	Unchecked lower bound for enum KindOfStream used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\MediaInfo_Config.cpp	3042		
Warning	C33010	Unchecked lower bound for enum KindOfStream used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\MediaInfo_Config.cpp	3062		
Warning	C33010	Unchecked lower bound for enum KindOfStream used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\MediaInfo_Config.cpp	3074		
Warning	C33010	Unchecked lower bound for enum KindOfStream used as index..	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\MediaInfo_Config.cpp	3086

Redundant/repeated checks in if statements which I don't know is intentional or mistake/bug:

Warning	C6287	Redundant code.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Audio\File_Adm.cpp	5468

MediaInfoLib/Source/MediaInfo/Audio/File_Adm.cpp

Line 5468 in dbed027

    
           if (IsAdvSSE_Levels.back() > 2 && (Profile == "ITU-R BS.[ADM-NGA-EMISSION]-0" || Profile == "ITU-R BS.[ADM-NGA-EMISSION]-0")) {

Warning	C6287	Redundant code.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\File__Analyze_Streams_Finish.cpp	934

MediaInfoLib/Source/MediaInfo/File__Analyze_Streams_Finish.cpp

Line 934 in dbed027

if (HI_D_Pos==(size_t)-1 && (Item==HI_D_Text || Item==HI_D_Text))

Warning	C6287	Redundant code.	MediaInfoLib	\MediaInfoLib\Source\MediaInfo\Multiple\File_DvDif_Analysis.cpp	787

MediaInfoLib/Source/MediaInfo/Multiple/File_DvDif_Analysis.cpp

Line 787 in dbed027

if (FSC_WasSet_Sum && FSC_WasSet_Sum)

Cppcheck also found:

Id: arrayIndexOutOfBoundsCond
CWE: 788
Either the condition 'Code>=0x80' is redundant or the array 'Iab_Channel_Values[34]' is accessed at index 104, which is out of bounds.

MediaInfoLib/Source/MediaInfo/Audio/File_Iab.cpp

Lines 117 to 118 in dbed027

    
           if (Code>=0x80 && Code<sizeof(Iab_Channel_Values)/sizeof(const char*)-0x18) 
        
               return Iab_Channel_Values[Code-0x18];

If I understand the intention correctly, I think this should be:

if (Code>=0x80 && Code-0x68<sizeof(Iab_Channel_Values)/sizeof(const char*))
        return Iab_Channel_Values[Code-0x68];

cjee21 · 2024-09-30T11:32:49Z

Warning	C6385	Reading invalid data from 'vDk0'.	MediaInfoLib	>\MediaInfoLib\Source\MediaInfo\Audio\File_Aac_GeneralAudio_Sbr.cpp	947

This one likely a false positive since there is already a check:

MediaInfoLib/Source/MediaInfo/Audio/File_Aac_GeneralAudio_Sbr.cpp

Lines 896 to 897 in abdbb21

    
           if (numBands0 == 0 || numBands0 >= 64) 
        
               return false;

So this should not be possible to be out-of-bounds:

MediaInfoLib/Source/MediaInfo/Audio/File_Aac_GeneralAudio_Sbr.cpp

Line 947 in abdbb21

if (vDk1[0]<vDk0[numBands0-1])

SuyueGuo changed the title ~~heap-buffer-overflow in ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827~~ heap-buffer-overflow in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:597 Aug 9, 2024

JeromeMartinez transferred this issue from MediaArea/MediaInfo Aug 18, 2024

This was referenced Sep 30, 2024

Fix bug in IAB channel code mapping #2116

Merged

Fix out-of-bounds array read in File_Aac_Main #2117

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

heap-buffer-overflow in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:597 #2105

heap-buffer-overflow in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:597 #2105

SuyueGuo commented Aug 9, 2024 •

edited

Loading

cjee21 commented Aug 17, 2024

SuyueGuo commented Aug 18, 2024

cjee21 commented Sep 29, 2024

cjee21 commented Sep 30, 2024

heap-buffer-overflow in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:597 #2105

heap-buffer-overflow in MediaInfoLib::File_Id3v2::Data_Parse() ../../../Source/MediaInfo/Tag/File_Id3v2.cpp:597 #2105

Comments

SuyueGuo commented Aug 9, 2024 • edited Loading

Summary

Version

Details

Poc

cjee21 commented Aug 17, 2024

SuyueGuo commented Aug 18, 2024

cjee21 commented Sep 29, 2024

cjee21 commented Sep 30, 2024

SuyueGuo commented Aug 9, 2024 •

edited

Loading