This forum is deprecated. Please visit https://github.com/smplayer-dev/smplayer/discussions

Subtitle exploit malware - is SMPlayer safe?

Problems, bugs, suggestions... anything related to SMPlayer.

Subtitle exploit malware - is SMPlayer safe?

Postby endrecat » Thu May 25, 2017 12:34 am

Hi,

It just hit the news that several video players have a serious vulnerability. If you load a malicious subtitle file, hackers can get total control of the device.

Here are some articles:

https://techcrunch.com/2017/05/24/hacke ... tle-files/

http://blog.checkpoint.com/2017/05/23/h ... anslation/

Are you aware of this issue, and is SMPlayer safe?
endrecat
 
Posts: 2
Joined: Thu May 25, 2017 12:24 am

Re: Subtitle exploit malware - is SMPlayer safe?

Postby rvm » Thu May 25, 2017 1:37 am

It's unlikely this could affect SMPlayer. However since the technical details about how the attack is done haven't been revealed I can't be sure. It seems for the moment the problem only affects 4 players: VLC, Kodi, Popcorn Time and Stremio.
rvm
Site Admin
 
Posts: 3787
Joined: Wed Dec 23, 2009 1:25 am
Location: España

Re: Subtitle exploit malware - is SMPlayer safe?

Postby endrecat » Thu May 25, 2017 9:52 am

As I understand, it's various different vulnerabilities for different players.

These were pasted in a reddit thread, and I did some more digging:

VLC:
https://github.com/videolan/vlc/commit/ ... 379c8df4ca
https://vuldb.com/?id.101735

Kodi:
https://github.com/xbmc/xbmc/pull/12024

PopCorn Time:
https://github.com/butterproject/butter ... 6cd987759c

I guess mostly it's individual cases of not sanitizing subtitle file input, and possible buffer overflows.
endrecat
 
Posts: 2
Joined: Thu May 25, 2017 12:24 am


Return to General

Who is online

Users browsing this forum: Bing [Bot] and 11 guests