MediaArea ZenLib Ztring.cpp Date_From_Seconds_1970_Local unknown vulnerability
Description
A null pointer dereference in ZenLib up to 0.4.38, caused by an unchecked return value in Ztring::Date_From_Seconds_1970_Local, can be exploited to cause a crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the function Ztring::Date_From_Seconds_1970_Local in file Source/ZenLib/Ztring.cpp of the MediaArea ZenLib library (versions up to and including 0.4.38). The function does not check the return value of localtime or localtime_r, which can return a null pointer. This leads to a null pointer dereference when the code unconditionally accesses members of the returned pointer Gmt [1]. The issue is classified as CWE-690 (Unchecked Return Value to NULL Pointer Dereference) [1].
Exploitation
An attacker needs no special privileges; the vulnerability is triggered by passing a crafted argument Value to the Date_From_Seconds_1970_Local function. If the underlying time conversion fails (e.g., due to an invalid timestamp), the function dereferences a null pointer. No user interaction beyond triggering the vulnerable code path is required [1][3].
Impact
Successful exploitation results in a null pointer dereference, leading to an application crash (denial of service). The vulnerability is classified as problematic with a potential for availability impact. There is no indication of information disclosure or code execution [1].
Mitigation
The vulnerability is fixed in version 0.4.39, released on an unknown date [2]. The patch commit 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 [3] adds a null check for Gmt before dereferencing. Users should upgrade to version 0.4.39 or later [1][2]. There is no known workaround for earlier versions. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
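The unchecked and checked patterns described above, as an added C++ example that is not ZenLib's code or the actual patch: the function names and sample timestamps are hypothetical, and only the pointer name Gmt comes from the description. It assumes a POSIX system with a 64-bit time_t, where localtime_r returns NULL for a timestamp whose year does not fit in tm_year.

```cpp
#include <cstdio>
#include <ctime>
#include <limits>
#include <string>

// Unchecked pattern (CWE-690), shown for contrast only and never called here:
// the result of localtime_r() is dereferenced without a null test.
std::string date_local_unchecked(std::time_t value)
{
    struct tm buf;
    struct tm* Gmt = localtime_r(&value, &buf); // NULL when conversion fails
    char text[64];
    std::snprintf(text, sizeof text, "%d-%02d-%02d",
                  Gmt->tm_year + 1900, Gmt->tm_mon + 1, Gmt->tm_mday); // crash if NULL
    return text;
}

// Checked pattern: test the pointer before any member access and report
// failure to the caller instead of crashing.
bool date_local_checked(std::time_t value, std::string& out)
{
    out.clear();
    struct tm buf;
    struct tm* Gmt = localtime_r(&value, &buf);
    if (Gmt == nullptr)
        return false; // e.g. the year does not fit in tm_year (EOVERFLOW)
    char text[64];
    if (std::strftime(text, sizeof text, "%Y-%m-%d %H:%M:%S", Gmt) == 0)
        return false;
    out = text;
    return true;
}

int main()
{
    // Constructed inputs: an ordinary timestamp and the largest time_t value.
    const std::time_t samples[] = {31536000, std::numeric_limits<std::time_t>::max()};
    for (std::time_t s : samples) {
        std::string text;
        bool ok = date_local_checked(s, text);
        std::printf("%lld -> %s\n", (long long)s, ok ? text.c_str() : "(conversion failed)");
    }
    return 0;
}
```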
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (5)
- github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 (mitre; patch)
- github.com/MediaArea/ZenLib/releases/tag/v0.4.39 (mitre; patch)
- github.com/MediaArea/ZenLib/pull/119 (mitre; issue-tracking)
- vuldb.com (mitre; signature, permissions-required)
- vuldb.com (mitre; vdb-entry, technical-description)