Valve: Malformed .WAV triggers an Access Violation on GoldSRC (hl.exe)

A malformed .WAV triggers an Access Violation on GoldSRC engine games Half-Life upon invocation, which could lead to remote code execution on a client. Crash Information ------------------ Event Type: Exception Exception Faulting Address: 0x2469a000 First Chance Exception Type:...

Valve: Malformed BSP in GoldSrc Engine may cause shellcode injection

Introduction Hello. There's a vulnerability in GoldSrc Engine that allows to run arbitrary assembly code using incorrect BSP format processing. Description The vulnerability is found in the UTILStringToIntArray function. This function belongs to the game mod library mp.dll/cs.so and has the...

Valve: Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation

A malformed .TGA when loaded as a Skybox on a map in a GoldSRC engine game Half-Life can lead to arbitrary code execution on a remote client. Reproduction Steps Load the attached map + resources on a local Half-Life listen server. The game will crash with an Access Violation as soon as the map wi...