Opened 10 months ago

Closed 10 months ago

Last modified 9 months ago

#18318 closed enhancement (fixed)

gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gstreamer-vaapi 1.22.5

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 12.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version, contains some security fixes in it.

Change History (5)

comment:1 by Douglas R. Reno, 10 months ago

Highlighted bugfixes in 1.22.5

    Security fixes for the RealMedia demuxer
    vaapi decoders, postproc: Disable DMAbuf from caps negotiation to fix garbled video 
    in some cases
    decodebin3, playbin3, parsebin fixes, especially for stream reconfiguration
    hlsdemux2: fix early seeking; don't pass referer when updating playlists; webvtt  
    fixes
    gtk: Fix critical caused by pointer movement when stream is getting ready
    qt6: Set sampler filtering method, fixes bad quality with qml6glsink and 
    gstqt6d3d11
    v4l2src: handle resolution change when buffers are copied
    videoflip: update orientation tag in auto mode
    video timecode: Add support for framerates lower than 1fps and accept 119.88 
    (120/1.001) fps
    webrtcsink: fixes for x264enc and NVIDIA encoders
    cerbero: Pull ninja from system if possible, avoid spurious bootstrap of cmake
    packages: Recipe updates for ffmpeg, libsoup, orc
    various bug fixes, memory leak fixes, and other stability and reliability 
    improvements

gstreamer

    taglist, plugins: fix compiler warnings with GLib >= 2.76
    tracerutils: allow casting parameter types
    inputselector: fix playing variable is never set

gst-plugins-base

    appsink: add missing make_writable call
    audioaggregator: Do not post message before being constructed
    decodebin3: Prevent a critical warning when reassigning output slots
    decodebin3: Fix slot input linking when the associated stream has changed
    decodebin3: Remove spurious input locking during parsebin reconfiguration
    urisourcebin: Set source element to READY before querying it
    gl/viv-fb: meson build updates
    plugins: fix compiler warnings with GLib >= 2.76
    subtitleoverlay: fix mutex error if sink caps is not video
    video: timecode: Add support for framerates lower than 1fps
    video: accept timecode of 119.88 (120/1.001) FPS
    video: cannot attach time code meta when frame rate is 119.88 (120000/1001)
    videodecoder: fix copying buffer metas

gst-plugins-good

    adaptivedemux2: Fix early seeking
    hlsdemux2: Ensure processed webvtt ends with empty new line
    hlsdemux2: Don't set a referer when updating playlists
    matroska: demux: Strip signal byte when encrypted
    rtspsrc: Fix crash when is-live=false
    gtk: Fix critical caused by pointer movement when stream is getting ready
    qt6: Set sampler filtering method, fixes bad quality with qml6glsink and 
         gstqt6d3d11
    qtdemux: opus: set entry as sampled
    v4l2src: handle resolution change when buffers are copied
    v4l2videodec: Fix handling of initial gaps
    v4l2videodec: correctly register v4l2mpeg2dec
    v4l2videoenc: replace custom QUERY_CAPS handling with getcaps callback
    videoflip: update orientation tag in auto mode
    videoflip: fix critical when tag list is not writable

gst-plugins-bad

    d3d11bufferpool: Fix heavy CPU usage in case of fixed-size pool
    jpegparser: jpegdecoder: Don't pollute bus and comply with spec
    plugins: fix compiler warnings with GLib >= 2.76
    webrtcbin: Prevent critical warning when creating an additional data channel
    webrtcstats: Properly report IceCandidate type

gst-plugins-ugly

    rmdemux: add some integer overflow checks

gst-libav

    No changes

comment:2 by Douglas R. Reno, 10 months ago

Security Vulnerability #1:

Security Advisory 2023-0005 (ZDI-CAN-21444)
Summary 	Integer overflow leading to heap overwrite in RealMedia file handling
Date 	2023-07-20 14:00
Affected Versions 	GStreamer gst-plugins-ugly 1.x < 1.22.5, 0.10.x
ID 	GStreamer-SA-2023-0005
	ZDI-CAN-21444
Details
Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files 
in GStreamer versions before 1.22.5.

Impact
It is possible for a malicious third party to trigger a crash in the application, and 
possibly also effect code execution through heap manipulation.

No CVE assigned yet, it'll take a while for that, so we'll refer to these by their ZDIs. The vulnerabilities from the last set have CVEs now though.

Security Vulnerability #2:

Security Advisory 2023-0004 (ZDI-CAN-21443)
Summary 	Integer overflow leading to heap overwrite in RealMedia file handling
Date 	2023-07-20 14:00
Affected Versions 	GStreamer gst-plugins-ugly 1.x < 1.22.5, 0.10.x
ID 	GStreamer-SA-2023-0004
	ZDI-CAN-21443
Details
Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files 
in GStreamer versions before 1.22.5.

Impact
It is possible for a malicious third party to trigger a crash in the application, and 
possibly also effect code execution through heap manipulation.
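
A generic illustration of the bug class both advisories name (an integer overflow in a size computation that leaves a heap buffer too small) next to the kind of overflow check the 1.22.5 notes list for rmdemux. This is an added example, not GStreamer's code and not part of the original ticket; the header layout, function names and sample bytes are constructed, and it does not reproduce the rmdemux defect, whose details the ticket does not give.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout, NOT the RealMedia format: big-endian u32 entry count,
 * big-endian u32 entry size, then count * size payload bytes. */
static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked form: the 32-bit product wraps, so a buffer sized from it is
 * far smaller than the data a later copy loop would write into it. */
static uint32_t alloc_size_unchecked(uint32_t count, uint32_t size) {
    return count * size;
}

/* Checked form: returns a heap copy of the payload and its length, or NULL
 * when the header fields overflow or claim more data than the input holds. */
static uint8_t *parse_entries(const uint8_t *buf, size_t len, size_t *out_len) {
    if (buf == NULL || out_len == NULL || len < 8)
        return NULL;
    uint32_t count = rd_be32(buf), size = rd_be32(buf + 4);
    if (count == 0 || size == 0)
        return NULL;
    if (count > UINT32_MAX / size)      /* count * size would wrap */
        return NULL;
    uint32_t total = count * size;
    if (total > len - 8)                /* payload not fully present */
        return NULL;
    uint8_t *copy = malloc(total);
    if (copy == NULL)
        return NULL;
    memcpy(copy, buf + 8, total);
    *out_len = total;
    return copy;
}

int main(void) {
    /* Constructed malformed header: count 0x10000, size 0x10001. */
    const uint8_t bad[8] = {0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01};
    size_t n = 0;
    printf("unchecked size: %u bytes\n",
           (unsigned)alloc_size_unchecked(rd_be32(bad), rd_be32(bad + 4)));
    printf("checked parse: %s\n",
           parse_entries(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```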

comment:3 by Douglas R. Reno, 10 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:4 by Douglas R. Reno, 10 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 4d5febb6be8e8248194fe6a4188e74c0ab073804

SA-11.3-064 issued

comment:5 by Bruce Dubbs, 9 months ago

Milestone: 11.4 → 12.0

Milestone renamed
