lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 16 Mar 2009 11:12:02 +0700
From: "Bkis" <svrt@...v.com.vn>
To: <bugtraq@...urityfocus.com>,
	<full-disclosure@...ts.grok.org.uk>
Subject: [Bkis-04-2009] GOM Encoder Heap-based Buffer
	Overflow

GOM Encoder Heap-based Buffer Overflow

1. General Information

GOM Encoder is a video transcoder that can work with a lot of video formats.
One of its functions is embedding subtitles to the video, which means you
can see subtitles on the resulting video even if your device doesn't support
subtitle. 

Bkis has just found a vulnerability in the software, related to the
processing of subtitle files in "srt" format. Taking advantage of the flaw,
hackers can perform denial of service attack or, if successfully exploit,
remote code execution. We have sent the report to the vendor.

Details : http://security.bkis.vn/?p=352
SVRT Advisory: Bkis-04-2009
Initial vendor notification: 03/04/2009
Release Date : 03/16/2009
Update Date : 03/16/2009
Discovered by : Mai Xuan Cuong, Bkis
Attack Type : Buffer Overflow
Security Rating : High
Impact : Code Execution
Affected Software : GOM Encoder Demo <= 1.0.0.11

2. Technical Description

The vulnerability is related to the processing of subtitle files in "srt"
format when transcoding videos with subtitle embedded. More precisely, it
pops up when the program handles Preview/ Set Segment function.
If the accompanied "srt" file has an overly long text field, it will cause a
heap-based overflow, which in turn corrupts the memory and makes the program
crash.

To take advantage of the flaw, a hacker might create a specially crafted
"srt" file and trick users into downloading it. If users use this file when
transcoding videos with GOM Encoder, they will become victims of hacker. If
successful, the hacker might execute arbitrary code within the context of
the affected application. Failed exploitation results in a crash of the
program, which might be used to perform Denial of Service attack. 

3. Solution

Rating this vulnerability high severity, Bkis recommends that users be
cautious with "srt" files from untrustworthy sources until the vendor
release the patch.

Bkis


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ