oss-sec mailing list archives
gstreamer multiple issues
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 1 Dec 2016 11:24:59 +0100
Hi,

After the blogposts from Chris Evans about gstreamer insecurities I had a look.

https://bugzilla.gnome.org/show_bug.cgi?id=774859
Invalid memory read in flx_decode_chunks (gst-plugins-good)
The fix is a larger rewrite of the affected code paths and probably fixed a bunch of other issues on the way. It also fixes the second flic bug reported by Chris Evans described here:
https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html

https://bugzilla.gnome.org/show_bug.cgi?id=774896
h264: one byte heap off by one read in gst_h264_parse_set_caps (gst-plugins-bad)

https://bugzilla.gnome.org/show_bug.cgi?id=774897
Invalid memory read in glib caused by one invalid unref call in the flxdec decoder. (gst-plugins-good)

https://bugzilla.gnome.org/show_bug.cgi?id=774902
4 byte heap out of bounds read in windows_icon_typefind (gst-plugins-base)

https://bugzilla.gnome.org/show_bug.cgi?id=775048
2 byte heap out of bounds read in gst_mpegts_section_new (gst-plugins-bad).

https://bugzilla.gnome.org/show_bug.cgi?id=775120
null pointer deref (segfault) in mpegts decoder / _parse_pat (gst-plugins-bad)

A note about the memory access bugs: glib's slice allocator can hide them, so finding them with asan sometimes only works if one sets G_SLICE=always-malloc

Stuff that's probably not security relevant:

Asserts / traps only:

https://bugzilla.gnome.org/show_bug.cgi?id=775130
h264 decoder assert (gst-plugins-bad)

https://bugzilla.gnome.org/show_bug.cgi?id=775219
avidemux trap on invalid utf-8

The gstreamer devs were very quick in fixing all issues. The release 1.10.2 should contain all the fixes.
https://gstreamer.freedesktop.org/releases/gstreamer/1.10.2.html

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
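The message's note on glib's slice allocator hiding memory access bugs from asan, as an added example that is not part of the original message and is not GLib or GStreamer code: a toy slab allocator showing why a small over-read stays inside one large malloc() block unless every chunk gets its own malloc(). All names (`toy_slice`, `toy_alloc`, `read_is_hidden`, `overread_hidden`) and the 4096-byte slab size are hypothetical.

```c
/* Added illustration: toy model of a slab-style allocator, not GLib's GSlice. */
#include <stdio.h>
#include <stdlib.h>
#define SLAB_BYTES 4096           /* assumed slab size, for illustration only */

typedef struct {
    int always_malloc;            /* models running with G_SLICE=always-malloc */
    unsigned char *slab;          /* one large malloc() shared by many chunks */
    size_t used;
} toy_slice;

typedef struct {
    unsigned char *ptr;           /* chunk handed to the caller */
    unsigned char *block;         /* underlying malloc() block that asan tracks */
    size_t block_len;
} toy_chunk;

static toy_chunk toy_alloc(toy_slice *s, size_t n) {
    toy_chunk c = {0};
    if (s->always_malloc) {       /* one malloc() per chunk: exact bounds */
        c.block = c.ptr = malloc(n);
        c.block_len = n;
        return c;
    }
    if (!s->slab) s->slab = malloc(SLAB_BYTES);
    if (!s->slab || s->used + n > SLAB_BYTES) return c;
    c.ptr = s->slab + s->used;    /* carve the chunk out of the shared slab */
    c.block = s->slab;
    c.block_len = SLAB_BYTES;
    s->used += n;
    return c;
}

/* 1 if reading len bytes at chunk offset off stays inside the malloc() block,
 * so a checker that only knows malloc() boundaries has nothing to report. */
static int read_is_hidden(const toy_chunk *c, size_t off, size_t len) {
    size_t start = (size_t)(c->ptr - c->block) + off;
    return start + len <= c->block_len;
}

/* Models a 4-byte read just past the end of a 16-byte buffer (bounds math only). */
static int overread_hidden(int always_malloc) {
    toy_slice s = { always_malloc, NULL, 0 };
    toy_chunk c = toy_alloc(&s, 16);
    if (!c.ptr) return -1;
    int hidden = read_is_hidden(&c, 16, 4);
    free(c.block);
    return hidden;
}

int main(void) {
    printf("slab: hidden=%d  always-malloc: hidden=%d\n", overread_hidden(0), overread_hidden(1));
    return 0;
}
```

The code only computes bounds and never performs the out-of-bounds access, so it runs cleanly with or without a sanitizer.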