Axiomatic Bento4 Heap-Based Buffer Overflow Vulnerability in MP4 File Parser

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Axiomatic Bento4 versions through 1.6.0-641. The issue arises in the MP4 file parser component, specifically within the AP4_Dac4Atom constructor of the Ap4Dac4Atom.cpp file. When a crafted MP4 file containing a dac4 atom with an insufficient payload size is parsed, the AP4_BitReader reads beyond the allocated heap buffer. This out-of-bounds read can lead to memory corruption, potentially allowing for information disclosure or causing a denial-of-service condition by crashing the application.
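The missing check described above, a bit reader that is never told how many payload bytes it may consume, can be illustrated with a reader that tracks the payload length and fails closed. This is an added example, not Bento4 source: BoundedBitReader, Dac4Header, parse_dac4_header and the 24-bit field layout are assumptions chosen for illustration.

```cpp
// Added illustration, not Bento4 source. Names and field widths are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Bit reader that knows the payload length and refuses to read past it.
class BoundedBitReader {
public:
    BoundedBitReader(const uint8_t* data, size_t size)
        : data_(data), bits_total_(size * 8), bit_pos_(0) {}

    // Reads n (1..32) bits MSB-first into out. Returns false, without
    // touching memory, when fewer than n bits remain in the payload.
    bool read_bits(unsigned n, uint32_t& out) {
        if (n == 0 || n > 32 || n > bits_total_ - bit_pos_) return false;
        uint32_t value = 0;
        for (unsigned i = 0; i < n; ++i, ++bit_pos_) {
            const uint8_t byte = data_[bit_pos_ / 8];
            value = (value << 1) | ((byte >> (7 - bit_pos_ % 8)) & 1u);
        }
        out = value;
        return true;
    }

private:
    const uint8_t* data_;
    size_t bits_total_;
    size_t bit_pos_;
};

struct Dac4Header {
    uint32_t dsi_version, bitstream_version, fs_index, frame_rate_index, n_presentations;
};

// Parses a fixed 24-bit header; a truncated payload is rejected, not over-read.
bool parse_dac4_header(const uint8_t* payload, size_t size, Dac4Header& h) {
    BoundedBitReader reader(payload, size);
    const struct { uint32_t* out; unsigned width; } fields[] = {
        {&h.dsi_version, 3}, {&h.bitstream_version, 7}, {&h.fs_index, 1},
        {&h.frame_rate_index, 4}, {&h.n_presentations, 9}};
    for (const auto& f : fields)
        if (!reader.read_bits(f.width, *f.out)) return false;
    return true;
}

int main() {
    const uint8_t truncated[] = {0x20, 0x48};  // constructed: 2 bytes, header needs 3
    Dac4Header h{};
    std::printf("truncated payload accepted: %d\n",
                parse_dac4_header(truncated, sizeof truncated, h));
    return 0;
}
```

A parser built this way turns an undersized atom into a parse error that the caller can reject, instead of a read past the end of the heap allocation.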

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, leading to memory corruption. This type of vulnerability can often be exploited to execute arbitrary code or cause a program to crash.

Reproduction

The vulnerability can be reproduced by building Bento4 with AddressSanitizer enabled, saving the crafted PoC MP4 file, and then using the mp4dump tool to parse the file. AddressSanitizer reports a heap-buffer-overflow error, confirming that the out-of-bounds access was triggered.

Remediation

No known mitigation is available for this vulnerability.

Added: Mar 31, 2026, 11:33 PM
Updated: Mar 31, 2026, 11:33 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 3.1
exploitability: 5.6
remediation: 0.0
relevance: 5.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.