[DoS] GStreamer hangs when given this malformed file
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gstreamer1.0 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Anything based on GStreamer hangs when given the attached video file for playback. Tested on gst-play-1.0, shotwell-
Depending on the application this can be accompanied by huge memory usage or significant CPU usage. According to debug output from gst-play-1.0, GStreamer goes into an infinite loop. This can cause denial of service in applications that do not enforce resource limits and operation timeouts - which, admittedly, can be hard to do for video.
The bug was found by American Fuzzy Lop after fuzzing shotwell-
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libgstreamer1.0-0 1.2.4-0ubuntu1
ProcVersionSign
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Sat Dec 20 23:51:03 2014
InstallationDate: Installed on 2014-12-19 (0 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
SourcePackage: gstreamer1.0
UpgradeStatus: No upgrade log present (probably fresh install)
| Sergey "Shnatsel" Davidoff <unprivileged account> (shnatsel-unprivileged) wrote | #1 |
| Sergey "Shnatsel" Davidoff (shnatsel) wrote | #2 |
| Sergey "Shnatsel" Davidoff (shnatsel) wrote | #3 |
| information type: | Private Security → Public |
This was fixed by Sebastian Droge with these commits:
http://
http://
earlier this year in August.
He has also applied the same fix to the queue and queue2 elements:
http://
http://
It's all fixed since the 1.4.1 release, but not in any 1.2 release.
These patches should probably be backported.