[XviD-devel] Security Bug in Xvid-core

Radek Czyz radoslaw at syskin.cjb.net
Wed Jun 27 14:04:00 CEST 2007


Huh. I suppose we need to take out these #ifdef _DEBUG around 
coefficient safeguard. Too bad this is speed-critical code.

However, the exploitability of this problem looks zero to me, since 
you'll write to a location taken from zigzag[too_much] which is unlikely 
to give you any sensible pointer, and even if it does, it's only a 
two-byte write.

Still, let's just not crash :)

Radek


Dirk Knop wrote:
> Hello everyone,
> 
> I just found a security advisory by Secunia:
> "Trixter Jack has reported a vulnerability in the Xvid library, which
> can be exploited by malicious people to compromise an application using
> the library.
> 
> The vulnerability is caused due to an array indexing error in the
> "get_intra_block()" function within src/bitstream/mbcoding.c while
> processing Xvid Avi files. This can be exploited to corrupt memory via a
> specially crafted file.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> The vulnerability reportedly also affects the "get_inter_block_h263()"
> and "get_inter_block_mpeg()" functions.
> 
> The vulnerability is reported in version 1.1.2"
> 
> http://secunia.com/advisories/25711/
> 
> I didn't do a cvs checkout for a long time, but is there a fix available
> already? Should we roll out a new version asap?
> 
> Best regards
> Dirk
> _______________________________________________
> XviD-devel mailing list
> XviD-devel at xvid.org
> http://list.xvid.org/mailman/listinfo/xvid-devel
> 
> 
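The thread above is about a coefficient index, advanced by decoded run lengths, being used to index the zigzag scan table before any bounds check, with the only safeguard compiled out under `#ifdef _DEBUG`. The following is an added example, not Xvid's mbcoding.c: a simplified model of that run/level loop with the check compiled in unconditionally, so a malformed run is rejected before the table lookup and the two-byte store. The `coeff_sym` struct, the `decode_block_coeffs` function and the sample symbol sequences are constructed for this example; the scan table is the standard 8x8 zigzag order.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard 8x8 zigzag scan order: scan position -> raster index in the 64-entry block. */
static const uint8_t zigzag[64] = {
     0,  1,  8, 16,  9,  2,  3, 10, 17, 24, 32, 25, 18, 11,  4,  5,
    12, 19, 26, 33, 40, 48, 41, 34, 27, 20, 13,  6,  7, 14, 21, 28,
    35, 42, 49, 56, 57, 50, 43, 36, 29, 22, 15, 23, 30, 37, 44, 51,
    58, 59, 52, 45, 38, 31, 39, 46, 53, 60, 61, 54, 47, 55, 62, 63
};

/* One already-decoded VLC symbol (constructed stand-in for bitstream parsing):
 * a run of zero coefficients, a non-zero level, and the "last coefficient" flag. */
typedef struct { int run; int16_t level; int last; } coeff_sym;

/* Places the coefficients of one block. Returns the number of coefficients written,
 * or -1 if the symbols are malformed. The index check is always compiled in:
 * without it, zigzag[i] is read past the table and block[] is written at whatever
 * byte that read returned, which is the error described in the advisory. */
int decode_block_coeffs(const coeff_sym *syms, size_t nsyms, int16_t block[64])
{
    memset(block, 0, 64 * sizeof(int16_t));
    int i = 0;          /* current position in scan order */
    int placed = 0;

    for (size_t k = 0; k < nsyms; k++) {
        if (syms[k].run < 0)
            return -1;
        i += syms[k].run;
        if (i >= 64)    /* guard: zigzag[i] would be out of bounds */
            return -1;
        block[zigzag[i]] = syms[k].level;   /* two-byte write at a table-derived offset */
        placed++;
        if (syms[k].last)
            return placed;
        i++;
    }
    return -1;          /* no "last" marker before the symbols ran out: truncated block */
}

/* Constructed well-formed block: DC, then run 1, then run 2 with the last flag.
 * Returns 1 if the three coefficients land at raster indices 0, 8 and 2. */
int demo_wellformed(void)
{
    static const coeff_sym syms[] = { {0, 100, 0}, {1, -5, 0}, {2, 7, 1} };
    int16_t b[64];
    if (decode_block_coeffs(syms, 3, b) != 3)
        return 0;
    return (b[0] == 100 && b[8] == -5 && b[2] == 7) ? 1 : 0;
}

/* Constructed malformed block: a run of 70 pushes the scan index past 63.
 * Returns 1 if decoding is rejected and only the first coefficient was written. */
int demo_overlong_run(void)
{
    static const coeff_sym syms[] = { {0, 100, 0}, {70, 3, 1} };
    int16_t b[64];
    if (decode_block_coeffs(syms, 2, b) != -1)
        return 0;
    for (int r = 1; r < 64; r++)
        if (b[r] != 0)
            return 0;
    return b[0] == 100 ? 1 : 0;
}

/* Constructed truncated block: symbols end without a last flag. Returns the decoder result (-1). */
int demo_truncated(void)
{
    static const coeff_sym syms[] = { {0, 9, 0}, {3, 1, 0} };
    int16_t b[64];
    return decode_block_coeffs(syms, 2, b);
}

int main(void)
{
    printf("well-formed block accepted: %d\n", demo_wellformed());
    printf("overlong run rejected:      %d\n", demo_overlong_run());
    printf("truncated block result:     %d\n", demo_truncated());
    return 0;
}
```

The cost of keeping the guard outside `#ifdef _DEBUG` is one compare per decoded coefficient, and because the index only moves forward, a single `i >= 64` test before the table lookup covers every later use of `i` in the iteration.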
