[XviD-devel] Security Bug in Xvid-core

Michael Militzer michael at xvid.org
Wed Jun 27 16:38:59 CEST 2007


Hi,

I agree that it's at least not a trivial exploit (if reasonably possible
at all). But I am not an expert with this...

I have committed what I believe is a fix for that potential problem to
CVS head, which also does not cost us much performance. If ok, we can
create a bugfix release from this patch later today.

Regards,
Michael


Quoting Radek Czyz <radoslaw at syskin.cjb.net>:

> Huh. I suppose we need to take out these #ifdef _DEBUG around
> coefficient safeguard. Too bad this is speed-critical code.
>
> However, the exploitability of this problem looks zero to me, since
> you'll write to a location taken from zigzag[too_much] which is unlikely
> to give you any sensible pointer, and even if it does, it's only a
> two-byte write.
>
> Still, let's just not crash :)
>
> Radek
>
>
> Dirk Knop wrote:
>> Hello everyone,
>>
>> I just found a security advisory by Secunia:
>> "Trixter Jack has reported a vulnerability in the Xvid library, which
>> can be exploited by malicious people to compromise an application using
>> the library.
>>
>> The vulnerability is caused due to an array indexing error in the
>> "get_intra_block()" function within src/bitstream/mbcoding.c while
>> processing Xvid Avi files. This can be exploited to corrupt memory via a
>> specially crafted file.
>>
>> Successful exploitation may allow execution of arbitrary code.
>>
>> The vulnerability reportedly also affects the "get_inter_block_h263()"
>> and "get_inter_block_mpeg()" functions.
>>
>> The vulnerability is reported in version 1.1.2"
>>
>> http://secunia.com/advisories/25711/
>>
>> I didn't do a cvs checkout for a long time, but is there a fix available
>> already? Should we roll out a new version asap?
>>
>> Best regards
>> Dirk
>> _______________________________________________
>> XviD-devel mailing list
>> XviD-devel at xvid.org
>> http://list.xvid.org/mailman/listinfo/xvid-devel
>>
>>
> _______________________________________________
> XviD-devel mailing list
> XviD-devel at xvid.org
> http://list.xvid.org/mailman/listinfo/xvid-devel
>
>








More information about the XviD-devel mailing list