Closed 0xd4n10 closed 4 months ago
Thanks for the report. I have a fix for it in #76 but I didn't manage to replicate your global-buffer-overflow
error; I only get a segmentation fault error (SEGV on unknown address
). Did you use a different set of compiler options than what I did?
Thanks for the quick response. The global-buffer-overflow occurs when any optimization flag other than the default (-O0) is used.
The global-buffer-overflow occurs when any optimization flag other than the default (-O0) is used.
Confirmed - changed Debug to Release (-O3) and that showed the buffer overflow error.
Description: I found a global-buffer-overflow when testing the MXFDump binary within bmx, specifically in the updateAAFLocalKey function.
Affected Software:
Impact: A global-buffer-overflow vulnerability can lead to application crashes, data corruption, security vulnerabilities, and system instability.
Steps to Reproduce:
Example Output (AddressSanitizer):
POC: bmx-poc.zip
Disclosure Timeline:
Acknowledgments: This vulnerability was discovered and reported by 0xd4n.