Skip to main content

10. Security Considerations

This section preserves the RFC text for APV, including bitstream syntax, syntax element processing, decoding and parsing processes, metadata, profiles, levels, bands, raw bitstream format, and implementation references.

Original RFC Text

10.  Security Considerations

Like any other audio or video codec, APV should not be used with
insecure ciphers or cipher modes that are vulnerable to known
plaintext attacks. Some of the header bits as well as the padding
are easily predictable.

A decoder MUST be robust against any non-compliant or malicious
payloads. Malicious payloads MUST NOT cause the decoder to overrun
its allocated memory or to take an excessive amount of resources to
decode. An overrun in allocated memory could lead to arbitrary code
execution by an attacker. The same applies to the encoder, even
though problems in encoders are typically rare. Malicious video
streams MUST NOT cause the encoder to misbehave because this would
allow an attacker to attack transcoding gateways. A frequent
security problem in image and video codecs is failure to check for
integer overflows. An example is allocating "frame_width *
frame_height" in pixel count computations without considering that
the multiplication result may have overflowed the range of the
arithmetic type. The implementation MUST ensure that any data
outside of allocated and initialized memory cannot be read.

A decoder MUST NOT try to process the metadata whose type is not
recognized by the implementation. Failure to process any metadata
exactly according to the syntax structure specified MAY put a decoder
in an unknown status.

None of the content carried in APV is intended to be executable.