touch-packages team mailing list archive
Message #44332
[Bug 1404557] Re: [DoS] GStreamer hangs when given this malformed file
Upstream does not consider this a security vulnerability. Disclosing
and unmarking private.
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gstreamer1.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1404557
Title:
[DoS] GStreamer hangs when given this malformed file
Status in gstreamer1.0 package in Ubuntu:
New
Bug description:
Anything based on GStreamer hangs when given the attached video file
for playback. Tested on gst-play-1.0, shotwell-video-thumbnailer,
Audience and Totem.
Depending on the application this can be accompanied by huge memory
usage or significant CPU usage. According to debug output from
gst-play-1.0, GStreamer goes into an infinite loop. This can cause
denial of service in applications that do not enforce resource limits
and operation timeouts - which, admittedly, can be hard to do for video.
The bug was found by American Fuzzy Lop after fuzzing
shotwell-video-thumbnailer for 5 minutes.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libgstreamer1.0-0 1.2.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Sat Dec 20 23:51:03 2014
InstallationDate: Installed on 2014-12-19 (0 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
SourcePackage: gstreamer1.0
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/1404557/+subscriptions
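
The bug description above says the hang becomes a denial of service in applications that do not enforce resource limits and operation timeouts. As an added example (not part of the bug report and not GStreamer or Ubuntu code), here is one way a caller on Linux could bound a helper process such as a thumbnailer; `run_bounded` and `_cap` are hypothetical names, and the looping child is a constructed stand-in for the hanging decoder.

```python
import os
import resource
import signal
import subprocess
import sys


def _cap(res, value):
    """Lower both soft and hard limit for `res`, never above the current hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_bounded(argv, wall_seconds=10, cpu_seconds=5, mem_bytes=1 << 30):
    """Run a media helper under CPU, address-space and wall-clock limits.

    Returns (status, returncode); status is "ok", "failed" (non-zero exit),
    "killed" (ended by a signal such as SIGXCPU) or "timeout".
    """
    def limit_child():
        # Runs in the child between fork() and exec().
        _cap(resource.RLIMIT_CPU, cpu_seconds)  # stops a busy loop
        _cap(resource.RLIMIT_AS, mem_bytes)     # stops runaway allocation

    proc = subprocess.Popen(
        argv, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL, preexec_fn=limit_child,
        start_new_session=True)  # own process group, so children die with it
    try:
        rc = proc.wait(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # A hang that sleeps or blocks uses no CPU; only the wall clock catches it.
        os.killpg(proc.pid, signal.SIGKILL)
        return "timeout", proc.wait()
    if rc < 0:
        return "killed", rc
    return ("ok" if rc == 0 else "failed"), rc


if __name__ == "__main__":
    # Constructed stand-in for a decoder stuck in an infinite loop.
    spin = [sys.executable, "-c", "while True: pass"]
    print(run_bounded(spin, wall_seconds=10, cpu_seconds=1))
```

The three limits cover different failure shapes: the CPU limit ends a spinning loop, the address-space limit turns runaway allocation into an ordinary failure, and the wall-clock timeout catches a hang that consumes neither.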