
CVE-2021-3185: 1917192 – (CVE-2021-3185) CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1: when parsing an h264 header, an attacker could cause the stack to be smashed, resulting in memory corruption and possibly code execution.


Bug 1917192 (CVE-2021-3185) - CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking

Summary: CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_…

Status: CLOSED ERRATA
Alias: CVE-2021-3185
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Red Hat Product Security
Depends On: 1917225 1917227 1918094
Blocks: 1913407
Reported: 2021-01-18 00:08 UTC by Wade Mealing
Modified: 2021-11-08 01:28 UTC
CC List: 5 users
Fixed In Version: gst-plugins-bad-1.18.1
Doc Type: If docs needed, set a value
Doc Text: A flaw was found in the gstreamer h264 component where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption to occur, and possibly code execution.
Last Closed: 2021-11-08 01:28:15 UTC


Description Wade Mealing 2021-01-18 00:08:56 UTC

A flaw was found in the gstreamer parsing code in the function gst_h264_slice_parse_dec_ref_pic_marking. An attacker able to trigger this section of code can cause a buffer overflow, possibly overflowing the element on the stack, leading to memory corruption.

Upstream fix: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc

Comment 10 Wade Mealing 2021-01-20 02:41:56 UTC

Created gstreamer1-plugins-bad-free tracking bugs for this issue:

Affects: fedora-all [bug 1918094]
