On Wed, Nov 26, 2014 at 01:40:13AM -0800, Erik de Castro Lopo wrote:
> Brian Willoughby wrote:
>
> > While we're on the topic, what sort of consequences are there, really,
> > with this vulnerability? Worst case, your player stops playing on a
> > file that cannot be played anyway. Yes, it's bad that you have to
> > power-cycle the player to get it to restart, but it's not like you
> > can be doing anything else at the same time you're playing a bad FLAC.
> > Have I missed something?
>
> I think you are underestimating what a motivated cracker can do starting
> with a simple heap overflow. See:
In this case the minimum amount of data that the attacker can write to the
buffer seems to be nearly 16GB (4 * (INT_MAX - 31)), so I think most libFLAC
applications will just crash. But I could very well be missing something.

--
Miroslav Lichvar

_______________________________________________
flac-dev mailing list
flac-dev@xiph.org
http://lists.xiph.org/mailman/listinfo/flac-dev