[Bug 1023259] New: VUL-1: CVE-2017-5838: gstreamer: Multiple memory access issues in gstreamer
http://bugzilla.opensuse.org/show_bug.cgi?id=1023259

Bug ID: 1023259
Summary: VUL-1: CVE-2017-5838: gstreamer: Multiple memory access issues in gstreamer
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Preamble: I can't find CVE-nums, mentioned below, in boo and because all of the reports are related to gstreamer 1.10.3, I decided not to split the initial oss-sec report.

https://software.opensuse.org/package/gstreamer :

TW: 1.10.2 (official repo)
42.2: 1.8.3 (official repo)
42.1: 1.4.5 (official repo)

Refs:
=============================================================
[1] http://seclists.org/oss-sec/2017/q1/258 (initial report)
[2] http://seclists.org/oss-sec/2017/q1/284 (CVE assignment)
=============================================================

[1]
=============================================================
Hi,

https://gstreamer.freedesktop.org/releases/1.10/#1.10.3

gstreamer 1.10.3 got released, from the release notes:
"Various fixes for crashes, assertions, deadlocks and memory leaks on fuzzed input files and in other situations"

CVE-2016-10198:
https://bugzilla.gnome.org/show_bug.cgi?id=775450
gst-plugins-good/aacparse: invalid memory read in gst_aac_parse_sink_setcaps

CVE-2016-10199:
https://bugzilla.gnome.org/show_bug.cgi?id=775451
gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full

CVE-2017-5837:
https://bugzilla.gnome.org/show_bug.cgi?id=777262
gst-plugins-base/riff-media: floating point exception in gst_riff_create_audio_caps

CVE-2017-5838:
https://bugzilla.gnome.org/show_bug.cgi?id=777263
gstreamer core/datetime: out of bounds read in gst_date_time_new_from_iso8601_string()

CVE-2017-5839:
https://bugzilla.gnome.org/show_bug.cgi?id=777265
gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps

CVE-2017-5840:
https://bugzilla.gnome.org/show_bug.cgi?id=777469
gst-plugins-good/qtdemux: out of bounds heap read in qtdemux_parse_samples

CVE-2017-5841:
https://bugzilla.gnome.org/show_bug.cgi?id=777500
gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds read

CVE-2017-5842:
https://bugzilla.gnome.org/show_bug.cgi?id=777502
gst-plugins-base/samiparse: heap oob in html_context_handle_element

CVE-2017-5843:
https://bugzilla.gnome.org/show_bug.cgi?id=777503
gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref / gst_tag_list_unref / gst_mxf_demux_update_essence_tracks

CVE-2017-5844:
https://bugzilla.gnome.org/show_bug.cgi?id=777525
gst-plugins-base: floating point exception in gst_riff_create_audio_caps (different than #777262)

CVE-2017-5845:
https://bugzilla.gnome.org/show_bug.cgi?id=777532
gst-plugins-good/avidemux: invalid memory read in gst_avi_demux_parse_ncdt

CVE-2017-5846:
https://bugzilla.gnome.org/show_bug.cgi?id=777937
gst-plugins-ugly/asfdemux: invalid memory read in gst_asf_demux_process_ext_stream_props()

And more that didn't make it into 1.10.3:

(CVE-2017-5847 for what is fixed by the entire https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3 change, which is in the https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d627... commit.)
https://bugzilla.gnome.org/show_bug.cgi?id=777955
gst-plugins-ugly/asfdemux: out of bounds read in gst_asf_demux_process_ext_content_desc

(Use CVE-2017-5848 for what is fixed by the entire https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 change.)
https://bugzilla.gnome.org/show_bug.cgi?id=777957
gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm

(example files are always attached or linked in the bug reports)

I also reported multiple other issues like memory leaks or hangs which I consider to have no security relevance.
=============================================================

--
You are receiving this mail because:
You are on the CC list for the bug.
Mikhail Kasimov