Hi,

On 31.07.2012 13:43, IOhannes m zmoelnig wrote:
> hi all,
>
> while fixing gmerlin-avdec support for Gem on OSX i noticed, that
> gmerlin-avdecoder freezes the system when opening certain files.
>
> in other words: i discovered a vulnerability of gmerlin-avdec, that
> allows a remote attacker to freeze a host computer via a carefully
> crafted media-file.
>
> the problem appears, whenever a random (non-seekable) file is opened
> with the "sample-accurate seeking file" flag, bgav_open() might loop
> forever, eventually consuming memory in every loop.

Fixed.

> i have created a tiny demo program that illustrates the problem with
> an illegal file [1].
>
>
> the input file "Gem.pd_darwin" is really no media file (it's a powerpc
> binary to be dlopen()ed), but i don't think that this is the relevant
> here:
> gmerlin-avdecoder should detect that the media file is none and refuse
> to load it.

Initially detecting that the media file is none is difficult though.
I verified that the check for ADTS is already quite strict. It's a
general problem with ADTS files (and also mp3), that they have
a "weak" file signature, allowing lots of false positives.

Burkhard
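The weak ADTS signature mentioned in the reply, as an added example (not part of the original message and not gmerlin-avdecoder code): one header check passes on any data that happens to start with the 12-bit syncword, so this probe requires several frames to chain back to back with matching fixed fields, and it rejects frame lengths shorter than the header so the scan always advances. The names `adts_header`, `adts_probe` and `make_adts` are hypothetical, and the sample stream is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Parse one ADTS header. Returns the frame length in bytes, or 0 if it is
 * implausible. *fixed receives the fields that must not change per frame. */
static size_t adts_header(const uint8_t *p, size_t n, uint32_t *fixed)
{
    if (n < 7 || p[0] != 0xFF || (p[1] & 0xF6) != 0xF0)
        return 0;                            /* syncword 0xFFF, layer 00 */
    if (((p[2] >> 2) & 0x0F) > 12) return 0; /* reserved frequency index */
    size_t len = ((size_t)(p[3] & 0x03) << 11) | ((size_t)p[4] << 3) | (p[5] >> 5);
    if (len < ((p[1] & 0x01) ? 7u : 9u))     /* header is 9 bytes with CRC */
        return 0;                            /* so every frame advances */
    *fixed = ((uint32_t)(p[1] & 0x0E) << 8) | (p[2] & 0xFC);
    return len;
}

/* Accept the buffer as ADTS only if `need` frames chain back to back from
 * offset 0 with identical fixed fields. At most `need` iterations run. */
int adts_probe(const uint8_t *buf, size_t len, int need)
{
    size_t pos = 0;
    uint32_t first = 0, cur = 0;
    for (int i = 0; i < need; i++) {
        size_t flen = adts_header(buf + pos, len - pos, &cur);
        if (flen == 0 || flen > len - pos || (i > 0 && cur != first))
            return 0;
        first = cur;
        pos += flen;
    }
    return 1;
}

/* Constructed sample data: `frames` frames of `flen` bytes each, zero
 * payload (MPEG-4 AAC LC, 44.1 kHz, stereo, no CRC). */
size_t make_adts(uint8_t *out, size_t frames, size_t flen)
{
    static const uint8_t h[7] = {0xFF, 0xF1, 0x50, 0x80, 0x00, 0x1F, 0xFC};
    memset(out, 0, frames * flen);
    for (uint8_t *p = out; p < out + frames * flen; p += flen) {
        memcpy(p, h, 7);
        p[3] |= (flen >> 11) & 0x03; p[4] = (flen >> 3) & 0xFF;
        p[5] |= (flen & 0x07) << 5;
    }
    return frames * flen;
}

int main(void) { uint8_t b[96]; return !adts_probe(b, make_adts(b, 3, 32), 3); }
```

With `need` set to 1 the probe degenerates to the single-header check and accepts data whose first seven bytes merely resemble a header; raising `need` trades a little more reading for far fewer false positives.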
