Describe the bug
We (School of Cyber Science and Technology, Shandong University) found that MP4_ReadBox_stts can cause 'allocator out of memory' when it processes malformed messages.
Expected behavior
If Asan is enabled at compile time, the MP4_ReadBox_stts crashes and displays ASAN information.
Actual Behavior
If Asan is enabled at compile time, the MP4_ReadBox_stts crashes and displays ASAN information, which can cause DOS.
MP4_ReadBox_stts
can cause 'allocator out of memory' when it processes malformed messages.Expected behavior If Asan is enabled at compile time, the
MP4_ReadBox_stts
crashes and displays ASAN information.Actual Behavior
If Asan is enabled at compile time, the
MP4_ReadBox_stts
crashes and displays ASAN information, which can cause DOS.To Reproduce
Similarly, we will upload a vulnerability POC to https://drive.google.com/file/d/1TV2McXfsw7tYfpUofMiaCNxGydJMjKDe/view?usp=share_link to help developers fix this vulnerability.
Environment Details