Test case 153053

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: C
Application: cpe:2.3:a:ffmpeg:ffmpeg:1.2.2:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

This test case implements an sprintf that uses untrusted user input without a format string. The test case takes untrusted user input and passes it to an sprintf that does not implement a format string. This allows the user to pass format strings to the test case causing it to leak sensitive data and possibly allowing an attacker to cause a buffer overflow and inject shell code.
Metadata
- Base program: FFmpeg
- Source Taint: FILE_CONTENTS
- Data Type: VOID_POINTER
- Data Flow: ADDRESS_AS_LINEAR_EXPRESSION
- Control Flow: INTERPROCEDURAL_10

Flaws

CWE-134 Use of Externally-Controlled Format String

Test Suites

FFmpeg 1.2.2
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Grammatech Report.pdf
MINESTRONE Report.pdf

Have any comments on this test case? Please, send us an email.