VYPR
Unrated severity · NVD Advisory · Published Aug 4, 2021 · Updated Aug 4, 2024

CVE-2021-37232

Description

A stack overflow vulnerability occurs in AtomicParsley 20210124.204813.840499f through APar_read64() in src/util.cpp because uint32_buffer is too small for the number of bytes that APar_read64 reads into it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack buffer overflow in AtomicParsley 20210124.204813.840499f via APar_read64() due to insufficient buffer size, allowing potential code execution.

Vulnerability

A stack buffer overflow vulnerability exists in AtomicParsley version 20210124.204813.840499f (and possibly earlier) in the APar_read64() function in src/util.cpp. The function reads data from a file into a buffer uint32_buffer that is only 5 bytes in size, but it attempts to read 8 bytes, causing a stack buffer overflow [1]. The overflow occurs when parsing movie details with specific arguments (e.g., -T 1 -t +) [1]. The affected code path is in APar_ExtractDetails() at line 1591 of src/extracts.cpp [1].

Exploitation

An attacker can trigger the vulnerability by providing a crafted MP4 file to AtomicParsley. The user must run AtomicParsley with arguments that cause the parsing of the file (e.g., -T 1 -t +) [1]. No authentication is required; the attacker only needs to convince the victim to process the malicious file. The overflow occurs during the fread call in APar_read64() at line 299 of util.cpp [1]. The stack buffer overflow writes 8 bytes into a 5-byte buffer, overwriting adjacent stack memory.

Impact

Successful exploitation could lead to arbitrary code execution or denial of service. The Gentoo security advisory (GLSA 202305-01) lists this CVE among multiple vulnerabilities that could result in arbitrary code execution [3]. The overflow is a stack buffer overflow, which can be leveraged to control the instruction pointer and execute arbitrary code with the privileges of the user running AtomicParsley.

Mitigation

The fix is commit d72ccf06c98259d7261e0f3ac4fd8717778782c1, which changes the buffer size from 5 to 8 bytes [2]. Users should upgrade to a version containing this fix. The Gentoo advisory recommends upgrading to >=media-video/atomicparsley-0.9.6_p20210715_p151551 [3]. If upgrading is not possible, users should avoid processing untrusted MP4 files with AtomicParsley.
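The following C sketch is an added example, not AtomicParsley's source and not the upstream fix. It shows a defensive variant of the 8-byte read described above, in which the helper is told the buffer's capacity and rejects a 5-byte buffer or a truncated file instead of writing past the end. All function names, return codes and sample bytes are hypothetical, and the big-endian decoding assumes MP4's byte order.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not AtomicParsley source. The advisory's pattern is a
 * helper that always fread()s 8 bytes into a caller buffer declared with
 * only 5 bytes. This variant receives the capacity and refuses to write
 * past it. Names and return codes are hypothetical. */
enum { R64_OK = 0, R64_BUF_TOO_SMALL = -1, R64_IO_ERROR = -2, R64_SHORT_READ = -3 };

static int read64_checked(FILE *f, long pos, unsigned char *buf, size_t cap,
                          uint64_t *out) {
    if (cap < 8) return R64_BUF_TOO_SMALL;             /* the missing check */
    if (fseek(f, pos, SEEK_SET) != 0) return R64_IO_ERROR;
    if (fread(buf, 1, 8, f) != 8) return R64_SHORT_READ; /* truncated input */
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | buf[i];   /* big-endian */
    *out = v;
    return R64_OK;
}

/* Constructed sample: 12 bytes standing in for a region of a media file. */
static FILE *make_sample(void) {
    static const unsigned char bytes[12] = {0, 0, 0, 0, 0, 0, 0x01, 0x02,
                                            0xAA, 0xBB, 0xCC, 0xDD};
    FILE *f = tmpfile();
    if (f) fwrite(bytes, 1, sizeof bytes, f);
    return f;
}

/* Calls the reader at offset pos; cap is the size the caller claims for its
 * buffer (the real storage is 8 bytes so the demo itself never overflows). */
static int demo(size_t cap, long pos, uint64_t *out) {
    unsigned char buf[8];
    FILE *f = make_sample();
    if (!f) return R64_IO_ERROR;
    int rc = read64_checked(f, pos, buf, cap, out);
    fclose(f);
    return rc;
}

int main(void) {
    uint64_t v = 0;
    printf("5-byte buffer: rc=%d\n", demo(5, 0, &v));
    int rc = demo(8, 0, &v);
    printf("8-byte buffer: rc=%d value=0x%llx\n", rc, (unsigned long long)v);
    printf("offset 8, 4 bytes left: rc=%d\n", demo(8, 8, &v));
    return 0;
}
```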

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
