SMPlayer Support Forum


http://old-forum.smplayer.info/

Subtitle exploit malware - is SMPlayer safe?

http://old-forum.smplayer.info/viewtopic.php?f=2&t=8809

Page 1 of 1

Subtitle exploit malware - is SMPlayer safe?

PostPosted: Thu May 25, 2017 12:34 am
by endrecat
Hi,

It just hit the news that several video players have a serious vulnerability. If you load a malicious subtitle file, hackers can get total control of the device.

Here are some articles:

https://techcrunch.com/2017/05/24/hacke ... tle-files/

http://blog.checkpoint.com/2017/05/23/h ... anslation/

Are you aware of this issue, and is SMPlayer safe?

Re: Subtitle exploit malware - is SMPlayer safe?

PostPosted: Thu May 25, 2017 1:37 am
by rvm
It's unlikely this could affect SMPlayer. However since the technical details about how the attack is done haven't been revealed I can't be sure. It seems for the moment the problem only affects 4 players: VLC, Kodi, Popcorn Time and Stremio.

Re: Subtitle exploit malware - is SMPlayer safe?

PostPosted: Thu May 25, 2017 9:52 am
by endrecat
As I understand, it's various different vulnerabilities for different players.

These were pasted in a reddit thread, and I did some more digging:

VLC:
https://github.com/videolan/vlc/commit/ ... 379c8df4ca
https://vuldb.com/?id.101735

Kodi:
https://github.com/xbmc/xbmc/pull/12024

PopCorn Time:
https://github.com/butterproject/butter ... 6cd987759c

I guess mostly it's individual cases of not sanitizing subtitle file input, and possible buffer overflows.
All times are UTC + 1 hour
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/