Hi,
On 23/07/2020 19:50, Michael Richardson wrote:
Liang Xia via Datatracker <noreply@xxxxxxxx> wrote:
> But about my one question, I have not seen any response or actions: "Issues for
> clarification: In Security Considerations, besides the DoS attacks brought by
> the malicious payloads, is there any other kinds of attack possibly? For
> example, virus or worm are hidden in the malicious payloads to attack the
> system for more damages? Does it make sense and what's the consideration?"
Hi, thank you for the review comments.
Aside from possible buffer-overflow attacks that would attempt to smash the
stack of a process, none of the content carried in ffv1 is intended to be executable.
A virus or worm hidden in the payload would be rendered as if it was visual
data by normal software processing.
Clearly, a malicious system could use the ffv1 format in an attempt to disquise
itself, but that would take a co-consipirator to extract that content.
I second Michael on the lack of attack implying hidden content, as the
expected output is only visual content.
I added a pull request on the spec for adding an explicit mention of the
lack of content intended to be executed at
https://github.com/FFmpeg/FFV1/pull/224 , in addition to fixes of issues
found during last call review at https://github.com/FFmpeg/FFV1/pull/223
Jérôme
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
