Re: Are WAV files dangerous?

From: Bill Unruh (
Date: 08/17/04

    Date: 17 Aug 2004 01:31:04 GMT

    kurt wismer <> writes:

    ]Franky wrote:

    ]> I am aware that some MP3s can exploit weaknesses in the player.
    ]> Eg. Winamp 2.81
    ]> But can a WAV file also be dangerous? Using Google, only a few
    ]> people say 'yes'. So is this just a myth?
    ]> If a WAV is actually dangerous then does AVG have the ability to
    ]> detect bad WAVs?

    ]there are no bad WAVs... there are no bad MP3s either, technically...
    ]it either meets the specifications for that format (and therefore is
    ]that type) or doesn't meet the specifications for that format (and
    ]therefore isn't that type)...

    ]the fact that certain players don't handle certain combinations of
    ]valid (as in, allowed by the specifications for the format) data very
    ]well doesn't make the file containing that data "bad"... it just means
    ]there's a bug in the player that needs to be fixed...

    ]as such, can avg (or another product that mostly deals with viruses)
    ]detect valid WAV files that still manage to play havoc with some audio
    ]player somewhere? i would guess probably not... at best it might detect
    ] a handful of specially crafted examples of WAV files that cause
    ]problems with some players and were seen in the wild, but i can't see
    ]adding general detection for the entire class of objects... it's too
    ]poorly specified a class...

    The question is how tightly the standards constrain the file. In the case
    of wav files, the data structure size and type is tightly constrained. If
    there are things like titles, etc around then they will have a freeform
    data structure, which could in a badly written program cause trouble. (eg
    the person writing assumes that say 512 bytes is more than enough for any
    If the data structure says that the data header is exactly 100 bytes long,
    then it is hard to miscode that. If it is of variable length, then it gets
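The variable-length title case described in the message above, as an added example that is not part of the original thread: a reader that copies a WAV title into a fixed 512-byte buffer only after checking the declared length against both the enclosing chunk and the buffer. It assumes the title is the INAM sub-chunk of a RIFF LIST/INFO chunk; `wav_title`, `find_chunk`, `make_sample` and `TITLE_MAX` are hypothetical names, and the sample file is constructed.

```c
#include <stdint.h>
#include <string.h>

#define TITLE_MAX 512  /* fixed buffer, as in the message's "512 bytes" example */
static uint32_t rd_le32(const uint8_t *p) {  /* RIFF sizes are little-endian */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Find chunk `id` in b[pos..end). 0 = found, -1 = absent, -2 = malformed. */
static int find_chunk(const uint8_t *b, size_t pos, size_t end, const char *id,
                      size_t *body, uint32_t *size) {
    while (end - pos >= 8) {
        uint32_t sz = rd_le32(b + pos + 4);
        if (sz > end - pos - 8) return -2;  /* size field runs past container */
        if (memcmp(b + pos, id, 4) == 0) { *body = pos + 8; *size = sz; return 0; }
        pos += 8 + (size_t)sz;
        if ((sz & 1) && pos < end) pos++;   /* chunks are padded to even length */
    }
    return -1;
}

/* Copy the INAM title into out: length, -1 if absent, -2 if malformed/too long. */
int wav_title(const uint8_t *b, size_t len, char out[TITLE_MAX]) {
    size_t body; uint32_t sz; int rc;
    if (len < 12 || memcmp(b, "RIFF", 4) || memcmp(b + 8, "WAVE", 4)) return -2;
    if ((rc = find_chunk(b, 12, len, "LIST", &body, &sz)) != 0) return rc;
    if (sz < 4 || memcmp(b + body, "INFO", 4)) return -1;  /* first LIST only */
    if ((rc = find_chunk(b, body + 4, body + sz, "INAM", &body, &sz)) != 0) return rc;
    if (sz >= TITLE_MAX) return -2;  /* the length check a careless player omits */
    memcpy(out, b + body, sz);
    out[sz] = '\0';
    return (int)sz;
}

/* Constructed sample: a title chunk claiming `declared` bytes, holding `actual`. */
size_t make_sample(uint8_t *dst, uint32_t declared, uint32_t actual) {
    memcpy(dst, "RIFF", 4);          wr_le32(dst + 4, 24 + actual);
    memcpy(dst + 8, "WAVELIST", 8);  wr_le32(dst + 16, 12 + actual);
    memcpy(dst + 20, "INFOINAM", 8); wr_le32(dst + 28, declared);
    memset(dst + 32, 'A', actual);
    return 32 + actual;
}

int main(void) {
    uint8_t f[1024]; char t[TITLE_MAX];
    return wav_title(f, make_sample(f, 600, 600), t) == -2 ? 0 : 1;
}
```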
