cve/2019/CVE-2019-6966.md

CVE-2019-6966

Description

An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.

POC

Reference

• https://github.com/axiomatic-systems/Bento4/issues/361

Github

• https://github.com/ICSE2020-MemLock/MemLock_Benchmark
• https://github.com/SZU-SE/MemLock_Benchmark
• https://github.com/SZU-SE/Uncontrolled-allocation-Fuzzer-TestSuite
• https://github.com/tzf-key/MemLock_Benchmark
• https://github.com/tzf-omkey/MemLock_Benchmark
• https://github.com/wcventure/MemLock_Benchmark