Fuzzing media analysis tools

Presenter(s): Marco Bellaccini (RAI)

MediaInfo is a free and open-source program that displays information about media files: duration, video/audio codecs, bitrate, aspect ratio... It's often included in media file ingest pipelines and this makes it a juicy target for an attack. In this presentation, we'll talk about things that we discovered while performing fuzz testing on MediaInfo and how to improve the security of this stage of the media file ingest pipeline.