Wooseok Kang - 2021-04-04

Dear maintainer,

In libquicktime2, there is an integer overflow vulnerability that may lead to arbitrary code execution on 32-bit systems.

The vulnerability resides in several functions of the program. For example, quicktime_read_elst() reads an entry count from the file and multiplies it by sizeof(quicktime_elst_table_t). On a 32-bit OS this multiplication can overflow, so a heap block that is too small is allocated, which leads to a buffer overrun when the entries are then read into it.

void quicktime_read_elst(quicktime_t *file, quicktime_elst_t *elst)
{
    ...
    /* total_entries comes straight from the file and is not bounded */
    elst->total_entries = quicktime_read_int32(file);
    /* the product below wraps in 32-bit size_t, so the block can be far smaller than total_entries requires */
    elst->table = (quicktime_elst_table_t*)calloc(1, sizeof(quicktime_elst_table_t) * elst->total_entries);
    ...
}
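The wrap-around described above, and the check that prevents it, as an added example that is not libquicktime's own code. The struct is a constructed stand-in (only its size matters), and the size_max parameter is an assumption introduced so the 32-bit case can be shown on a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

/* Constructed stand-in for quicktime_elst_table_t; the real fields do not
 * matter for this example, only that the struct has a size (16 bytes here). */
typedef struct {
    int64_t duration;
    int64_t time;
} quicktime_elst_table_t;

/* Reproduce the vulnerable size computation as a 32-bit build does it:
 * the product is truncated to 32 bits. Used only to show the wrap-around. */
uint32_t wrapped_size_32(uint32_t total_entries, uint32_t elem_size)
{
    return (uint32_t)((uint64_t)total_entries * elem_size);
}

/* Hardened size computation. size_max stands in for the platform's SIZE_MAX
 * (pass UINT32_MAX to model a 32-bit build). Returns false when the product
 * would overflow, so no undersized block is ever allocated. */
bool elst_table_bytes(uint32_t total_entries, size_t size_max, size_t *out)
{
    if (total_entries > size_max / sizeof(quicktime_elst_table_t))
        return false;
    *out = (size_t)total_entries * sizeof(quicktime_elst_table_t);
    return true;
}

/* Allocation done safely: check first, then use calloc's count/size form
 * rather than multiplying by hand. Returns NULL on overflow. */
quicktime_elst_table_t *alloc_elst_table(uint32_t total_entries)
{
    size_t bytes;
    if (!elst_table_bytes(total_entries, SIZE_MAX, &bytes))
        return NULL;
    return calloc(total_entries, sizeof(quicktime_elst_table_t));
}

int main(void)
{
    /* Constructed file-supplied count: 0x10000001 entries of 16 bytes
     * wraps to a 16-byte allocation on a 32-bit build. */
    uint32_t n = 0x10000001u, elem = (uint32_t)sizeof(quicktime_elst_table_t);
    size_t bytes;
    printf("32-bit size for %u entries: %u bytes\n", n, wrapped_size_32(n, elem));
    printf("hardened check (32-bit): %s\n",
           elst_table_bytes(n, UINT32_MAX, &bytes) ? "accepted" : "rejected");
    return 0;
}
```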

Thank you.