RTMP Heap Overflow CVE-2016-10191 - Exploiting FFmpeg ft. Paul Cher

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=hRei9xXRAGE


Duration: 7:08
8,105 views
271

Paul shows us another exploit for FFmpeg. The vulnerability is located in the RTMP protocol. While working with the binary format of the protocol requires a lot of work, the exploit itself is very easy.

Vulnerable Version: https://github.com/FFmpeg/FFmpeg/tree/d903b4e3ad4a81b3dd79f12c2f3b9cb16e511173
Paul on Twitter: https://twitter.com/__paulch
LiveOverflow Podcast: http://liveoverflow.libsyn.com/
Original Email: http://www.openwall.com/lists/oss-security/2017/02/02/1

-=[ ๐Ÿ”ด Stuff I use ]=-

โ†’ Microphone:* https://geni.us/ntg3b
โ†’ Graphics tablet:* https://geni.us/wacom-intuos
โ†’ Camera#1 for streaming:* https://geni.us/sony-camera
โ†’ Lens for streaming:* https://geni.us/sony-lense
โ†’ Connect Camera#1 to PC:* https://geni.us/cam-link
โ†’ Keyboard:* https://geni.us/mech-keyboard
โ†’ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ โค๏ธ Support ]=-

โ†’ per Video: https://www.patreon.com/join/liveoverflow
โ†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ ๐Ÿ• Social ]=-

โ†’ Twitter: https://twitter.com/LiveOverflow/
โ†’ Website: https://liveoverflow.com/
โ†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
โ†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ ๐Ÿ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#SecurityResearch #BinaryExploitation #HeapOverflow #CVE



Other Videos By LiveOverflow


2018-01-12Identifying UART and main() in an AVR firmware (ft. Zeta Two) part 1 - rhme2
2018-01-05Regular expression as Finite-state machine - Short
2017-12-29TROOPERS 17 - PacketWars solved with an iPhone
2017-12-22Searching for Bitcoins in GitHub repositories with Google BigQuery
2017-12-15Adapting the 32bit exploit to 64bit for format4 - bin 0x27
2017-12-08Some thoughts on Mobile App Security - is it FUD?
2017-12-01format2 on a modern Ubuntu - bin 0x26
2017-11-27Looking for Feedback - Link to Survey in the Description
2017-11-24Stack grooming and 100% reliable exploit for format0 - bin 0x25
2017-11-17Playing around with a Format String vulnerability and ASLR. format0 - bin 0x24
2017-11-10RTMP Heap Overflow CVE-2016-10191 - Exploiting FFmpeg ft. Paul Cher
2017-11-04Analysis of CVE-2016-10190 - Exploiting FFmpeg ft. Paul Cher
2017-10-27First look at a simple PoC crash - Exploiting FFmpeg ft. Paul Cher
2017-10-20Play CTF! A Great Way to Learn Hacking - Fsec 2017
2017-10-17KRACK - Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
2017-10-13Using z3 to find a password and reverse obfuscated JavaScript - Fsec2017 CTF
2017-10-06Software Side-Channel attack on AES - White Box Unboxing 4/4 - RHme3 Qualifier
2017-09-29Some failed attack ideas - White Box Unboxing 3/4 - RHme3 Qualifier
2017-09-22TL;DR it's AES... - White Box Unboxing 2/4 - RHme3 Qualifier
2017-09-15Understanding the execution flow of the binary - White Box Unboxing 1/4 - RHme3 Qualifier
2017-09-10[Live] Reverse Engineering new PopUnder for Chrome 63 on Windows


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
ffmpeg
CVE-2016-10191
rtmp protocol
paul cher
exploit development
heap overflow
real-life exploit
video exploit
buffer overflow
GOT
arbitrary write