-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi all,
while fixing gmerlin-avdec support for Gem on OSX i noticed, that gmerlin-avdecoder freezes the system when opening certain files. in other words: i discovered a vulnerability of gmerlin-avdec, that allows a remote attacker to freeze a host computer via a carefully crafted media-file. the problem appears, whenever a random (non-seekable) file is opened with the "sample-accurate seeking file" flag, bgav_open() might loop forever, eventually consuming memory in every loop. i have created a tiny demo program that illustrates the problem with an illegal file [1]. the input file "Gem.pd_darwin" is really no media file (it's a powerpc binary to be dlopen()ed), but i don't think that this is the relevant here: gmerlin-avdecoder should detect that the media file is none and refuse to load it. fgamsdr IOhannes [1] http://iem.at/~zmoelnig/tmp/gmerlin/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAXxPkACgkQkX2Xpv6ydvTMgwCg8Jy/NBJRL43bptfqAi4W3C8O CFQAoNoF+hGGku/I8x9gymZVhvYTf2uI =JJse -----END PGP SIGNATURE-----
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Gmerlin-general mailing list Gmerlin-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/gmerlin-general
