[flac-dev] Two new CVEs against FLAC

Miroslav Lichvar mlichvar at redhat.com
Wed Nov 26 05:19:43 PST 2014


On Wed, Nov 26, 2014 at 01:40:13AM -0800, Erik de Castro Lopo wrote:
> Brian Willoughby wrote:
> 
> > While we're on the topic, what sort of consequences are there, really,
> > with this vulnerability? Worst case, your player stops playing on a
> > file that cannot be played anyway. Yes, it's bad that you have to
> > power-cycle the player to get it to restart, but it's not like you
> > can be doing anything else at the same time you're playing a bad FLAC.
> > Have I missed something?
> 
> I think you are underestimating what a motivated cracker can do starting
> with a simple heap overflow. See:

In this case the minimum amount of data that the attacker can write to
the buffer seems to be nearly 16GB (4 * (INT_MAX - 31)), so I think most
libFLAC applications will just crash. But I could very well be missing
something.

-- 
Miroslav Lichvar
