CVE-2024-26020
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Ankitects Anki 24.04
Anki - https://apps.ankiweb.net/
9.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
Anki is an open-source program that helps with memorization of information through the use of flash cards. It supports syncing of these cards across multiple computers as well as sharing cards with other users. It supports multiple different content types such as images, audio, videos, and scientific notation (via LaTeX).
On Windows, Anki uses this code to play media files:
https://github.com/ankitects/anki/blob/main/qt/aqt/sound.py#L363
```python
class SimpleMpvPlayer(SimpleProcessPlayer, VideoPlayer):
    default_rank = 1

    args, env = _packagedCmd(
        [
            "mpv",
            "--no-terminal",
            "--force-window=no",
            "--ontop",
            "--audio-display=no",
            "--keep-open=no",
            "--input-media-keys=no",
            "--autoload-files=no",
        ]
    )
```
This runs an instance of mpv for every file played from a flashcard on Windows. The command looks like `mpv --no-terminal .... sound.mp3`, where `sound.mp3` is the file it plays.
In Anki cards, sound is played with `[sound:music.mp3]`. You can replace `music.mp3` with something else and it will be passed directly as an argument to mpv, with no check that the value is a filename rather than an option.
We replaced `music.mp3` with `--include=extra.conf`, so the tag becomes `[sound:--include=extra.conf]`.
This loads an extra configuration file that mpv uses.
Our configuration file contains:
```
[1] script=run.lua
[2] idle=yes
```
[1] mpv can load and run Lua scripts; here we point it at a script called `run.lua`.
[2] tells mpv to wait until everything else is done (including the script) before closing.
Normally, without [2], mpv would see there is no audio file and close instantly.
We can bundle our `run.lua` script and `extra.conf` file in with the flashcards by putting them into the Anki media folder.
When a user imports an Anki deck they must also import the media. There are no limits on what media can be, so scripts like ours can be included.
Using this exploit we achieved full command injection on the user's system.
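The root cause is that the `[sound:...]` value is handed to mpv as a positional argument with no check that it is a plain filename, so a value beginning with `-` is parsed as an option. The following is an added example (not Anki's code and not the vendor's fix) showing both a detection pass over card content and a hardened way to build the mpv argument list; the helper names and the `media_dir` parameter are assumptions, and the example relies on mpv treating `--` as the end-of-options marker.

```python
import os
import re

# Matches the [sound:...] tag shown on the page; the capture is the media reference.
SOUND_TAG_RE = re.compile(r"\[sound:([^\]]+)\]")

# The fixed option list from Anki's SimpleMpvPlayer, reproduced from the page.
MPV_BASE_ARGS = [
    "mpv", "--no-terminal", "--force-window=no", "--ontop",
    "--audio-display=no", "--keep-open=no", "--input-media-keys=no",
    "--autoload-files=no",
]


def extract_sound_refs(card_html: str) -> list[str]:
    """Return every media reference found in [sound:...] tags in a card field."""
    return SOUND_TAG_RE.findall(card_html)


def is_safe_media_name(name: str) -> bool:
    """Accept only a bare filename: no option syntax, no path components."""
    if not name or name.startswith("-"):
        return False  # mpv would parse this as an option, e.g. --include=extra.conf
    if "/" in name or "\\" in name or name in (".", ".."):
        return False  # must resolve inside the media folder, never outside it
    return True


def audit_card(card_html: str) -> list[str]:
    """Detection: return the unsafe [sound:...] references in a card, if any."""
    return [n for n in extract_sound_refs(card_html) if not is_safe_media_name(n)]


def build_mpv_command(name: str, media_dir: str) -> list[str]:
    """Mitigation: build argv for a vetted media name, placing the path after '--'."""
    if not is_safe_media_name(name):
        raise ValueError(f"refusing to play unsafe media reference: {name!r}")
    path = os.path.join(media_dir, name)
    # '--' ends option parsing, so even an odd filename cannot become an option.
    return MPV_BASE_ARGS + ["--", path]
```

`audit_card` can be run over imported deck fields before media is played; `build_mpv_command` rejects the `--include=extra.conf` case from the writeup outright.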
2024-05-27 - Vendor Disclosure
2024-06-24 - Vendor Patch Release
2024-07-22 - Public Release
Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B.