cve/2018/CVE-2018-20186.md

CVE-2018-20186

Description

An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.

POC

Reference

• https://github.com/axiomatic-systems/Bento4/issues/342

Github

• https://github.com/ICSE2020-MemLock/MemLock_Benchmark
• https://github.com/SZU-SE/MemLock_Benchmark
• https://github.com/SZU-SE/Uncontrolled-allocation-Fuzzer-TestSuite
• https://github.com/tzf-key/MemLock_Benchmark
• https://github.com/tzf-omkey/MemLock_Benchmark
• https://github.com/wcventure/MemLock_Benchmark