Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Feb 2017 11:56:16 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Multiple memory access issues in gstreamer

Hi,

https://gstreamer.freedesktop.org/releases/1.10/#1.10.3

gstreamer 1.10.3 got released, from the release notes:
"Various fixes for crashes, assertions, deadlocks and memory leaks on
fuzzed input files and in other situations"

Here they are (at least the ones I reported):

https://bugzilla.gnome.org/show_bug.cgi?id=775450
gst-plugins-good/aacparse: invalid memory read in
gst_aac_parse_sink_setcaps

https://bugzilla.gnome.org/show_bug.cgi?id=775451
gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full

https://bugzilla.gnome.org/show_bug.cgi?id=777262
gst-plugins-base/riff-media: floating point exception in
gst_riff_create_audio_caps

https://bugzilla.gnome.org/show_bug.cgi?id=777263
gstreamer core/datetime: out of bounds read in
gst_date_time_new_from_iso8601_string()

https://bugzilla.gnome.org/show_bug.cgi?id=777265
gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps

https://bugzilla.gnome.org/show_bug.cgi?id=777469
gst-plugins-good/qtdemux: out of bounds heap read in
qtdemux_parse_samples


https://bugzilla.gnome.org/show_bug.cgi?id=777500
gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds
read

https://bugzilla.gnome.org/show_bug.cgi?id=777502
gst-plugins-base/samiparse: heap oob in html_context_handle_element

https://bugzilla.gnome.org/show_bug.cgi?id=777503
gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref /
gst_tag_list_unref / gst_mxf_demux_update_essence_tracks

https://bugzilla.gnome.org/show_bug.cgi?id=777525
gst-plugins-base: floating point exception in gst_riff_create_audio_caps
(different than #777262)

https://bugzilla.gnome.org/show_bug.cgi?id=777532
gst-plugins-good/avidemux: invalid memory read in
gst_avi_demux_parse_ncdt

https://bugzilla.gnome.org/show_bug.cgi?id=777937
gst-plugins-ugly/asfdemux: invalid memory read in
gst_asf_demux_process_ext_stream_props()



And more that didn't make it into 1.10.3:

https://bugzilla.gnome.org/show_bug.cgi?id=777955
gst-plugins-ugly/asfdemux: out of bounds read in
gst_asf_demux_process_ext_content_desc

https://bugzilla.gnome.org/show_bug.cgi?id=777957
gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm


(example files are always attached or linked in the bug reports)

I also reported multiple other issues like memory leaks or hangs which
I consider have no security relevance.


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ