Axiomatic Bento4 Heap-Based Buffer Overflow Vulnerability in DSI v1 Parser

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Axiomatic Bento4 versions through 1.6.0-641. The issue arises in the DSI v1 parser within the AP4_Dac4Atom constructor, specifically when the AP4_BitReader::SkipBits function processes the n_presentations argument. This vulnerability allows a crafted MP4 file to cause the parser to read beyond the allocated heap buffer, leading to out-of-bounds memory access. The vulnerability requires local exploitation, and a public exploit is available.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, leading to out-of-bounds memory access. This type of memory corruption can commonly be exploited to execute arbitrary code or cause a program crash.

Reproduction

To reproduce this vulnerability, build Bento4 with AddressSanitizer enabled. Then use the mp4dump tool included with Bento4 to parse a crafted MP4 file that contains a dac4 atom with a large n_presentations value, up to 511. AddressSanitizer reports a heap-buffer-overflow error, confirming that the out-of-bounds access was triggered.
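
The kind of check whose absence produces this class of bug, as an added C++ example that is not Bento4's code or its fix: a bit reader that refuses to skip past the end of its buffer, with a count field validated before the loop it drives. CheckedBitReader, WalkRecords, kRecordBits and the 9-bit count format are assumptions constructed for illustration and do not reproduce the real dac4 layout.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical bounds-checked bit reader; not Bento4's AP4_BitReader.
class CheckedBitReader {
public:
    CheckedBitReader(const uint8_t* data, size_t size)
        : data_(data), bit_size_(size * 8), pos_(0) {}
    size_t BitsLeft() const { return bit_size_ - pos_; }
    // Skip n bits, refusing to move the cursor past the end of the payload.
    bool SkipBits(size_t n) {
        if (n > BitsLeft()) return false;
        pos_ += n;
        return true;
    }
    // Read up to 32 bits, most significant bit first.
    bool ReadBits(unsigned n, uint32_t& out) {
        if (n > 32 || n > BitsLeft()) return false;
        out = 0;
        for (unsigned i = 0; i < n; ++i, ++pos_)
            out = (out << 1) | ((data_[pos_ >> 3] >> (7 - (pos_ & 7))) & 1u);
        return true;
    }
private:
    const uint8_t* data_;
    size_t bit_size_, pos_;
};

// Constructed format (an assumption, not the real dac4 layout): a 9-bit
// record count (0..511) followed by that many records of kRecordBits bits.
const size_t kRecordBits = 16;

// Returns the number of records walked, or -1 if the count overruns the payload.
int WalkRecords(const std::vector<uint8_t>& payload) {
    CheckedBitReader r(payload.data(), payload.size());
    uint32_t count = 0;
    if (!r.ReadBits(9, count)) return -1;
    // Reject early: the file-controlled count must fit in the bits that remain.
    if (count * kRecordBits > r.BitsLeft()) return -1;
    for (uint32_t i = 0; i < count; ++i)
        if (!r.SkipBits(kRecordBits)) return -1;  // per-skip check as a backstop
    return static_cast<int>(count);
}

int main() {
    std::vector<uint8_t> ok = {0x01, 0x00, 0, 0, 0, 0};  // count = 2, 39 bits follow
    std::vector<uint8_t> bad = {0xFF, 0x80, 0, 0};       // count = 511, 23 bits follow
    return (WalkRecords(ok) == 2 && WalkRecords(bad) == -1) ? 0 : 1;
}
```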

Added: Mar 31, 2026, 11:33 PM
Updated: Mar 31, 2026, 11:33 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 3.1
exploitability: 5.6
remediation: 0.0
relevance: 5.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.