LG liblg_parser_mkv.so Bad Allocation Calls

During EBML node parsing the EBML element_size is used unvalidated to allocate a stack buffer to store the element contents. Since calls to alloca simply compile to a subtraction from the current stack pointer, for large sizes this can result in memory corruption and potential remote-code-execution in the mediaserver process. Tested on an LG-G4 with firmware MRA58K.


MD5 | 711c46670019250996b82da037a5b3ab


Related Posts

Comments