Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Feb 2017 11:56:16 +0100
From: Hanno Böck <>
Subject: Multiple memory access issues in gstreamer


gstreamer 1.10.3 got released, from the release notes:
"Various fixes for crashes, assertions, deadlocks and memory leaks on
fuzzed input files and in other situations"

Here they are (at least the ones I reported):
gst-plugins-good/aacparse: invalid memory read in
gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full
gst-plugins-base/riff-media: floating point exception in
gstreamer core/datetime: out of bounds read in
gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps
gst-plugins-good/qtdemux: out of bounds heap read in
gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds
gst-plugins-base/samiparse: heap oob in html_context_handle_element
gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref /
gst_tag_list_unref / gst_mxf_demux_update_essence_tracks
gst-plugins-base: floating point exception in gst_riff_create_audio_caps
(different than #777262)
gst-plugins-good/avidemux: invalid memory read in
gst-plugins-ugly/asfdemux: invalid memory read in

And more that didn't make it into 1.10.3:
gst-plugins-ugly/asfdemux: out of bounds read in
gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm

(example files are always attached or linked in the bug reports)

I also reported multiple other issues like memory leaks or hangs which
I consider have no security relevance.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ