|
Message-ID: <20161201112459.78cbf764@pc1> Date: Thu, 1 Dec 2016 11:24:59 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com, cve-assign@...re.org Subject: gstreamer multiple issues Hi, After the blogposts from Chris Evans about gstreamer insecurities I had a look. https://bugzilla.gnome.org/show_bug.cgi?id=774859 Invalid memory read in flx_decode_chunks (gst-plugins-good) The fix is a larger rewrite of the affected code paths and probably fixed a bunch of other issues on the way. It also fixes the second flic bug reported by Chris Evans described here: https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html https://bugzilla.gnome.org/show_bug.cgi?id=774896 h264: one byte heap off by one read in gst_h264_parse_set_caps (gst-plugins-bad) https://bugzilla.gnome.org/show_bug.cgi?id=774897 Invalid memory read in glib caused by one invalid unref call in the flxdec decoder. (gst-plugins-good) https://bugzilla.gnome.org/show_bug.cgi?id=774902 4 byte heap out of bounds read in windows_icon_typefind (gst-plugins-base) https://bugzilla.gnome.org/show_bug.cgi?id=775048 2 byte heap out of bounds read in gst_mpegts_section_new (gst-plugins-bad). https://bugzilla.gnome.org/show_bug.cgi?id=775120 null pointer deref (segfault) in mpegts decoder / _parse_pat (gst-plugins-bad) A note about the memory access bugs: glib's slice allocator can hide them, so finding them with asan sometimes only works if one sets G_SLICE=always-malloc Stuff that's probably not security relevant: Asserts / traps only: https://bugzilla.gnome.org/show_bug.cgi?id=775130 h264 decoder assert (gst-plugins-bad) https://bugzilla.gnome.org/show_bug.cgi?id=775219 avidemux trap on invalid utf-8 The gstreamer devs were very quick in fixing all issues. The release 1.10.2 should contain all the fixes. https://gstreamer.freedesktop.org/releases/gstreamer/1.10.2.html -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@...eck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.