Bug 1917192 (CVE-2021-3185)

Summary: CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking
Product: [Other] Security Response
Reporter: Wade Mealing <wmealing>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: bdpepple, carnil, negativo17, uraeus, wtaymans
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: gst-plugins-bad-1.18.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the gstreamer h264 component: when parsing an h264 header, an attacker could cause the stack to be smashed, leading to memory corruption and possibly code execution.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-11-08 01:28:15 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1917225, 1917227, 1918094
Bug Blocks: 1913407

Description Wade Mealing 2021-01-18 00:08:56 UTC
A flaw was found in the gstreamer parsing code in the function gst_h264_slice_parse_dec_ref_pic_marking.  An attacker able to trigger this section of code can cause a buffer overflow possibly overflowing the element on the stack leading to memory corruption.

Upstream fix:
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc
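The description names the function but not the field that is overrun. As an added illustration, not gstreamer's code and not taken from the upstream commit, here is a constructed C model of the H.264 dec_ref_pic_marking() syntax (ITU-T H.264 7.3.3.3) parsed into a fixed-size array, with the bound check a parser needs so that a stream carrying more marking operations than the array holds is rejected rather than written past the end. The array capacity of 10, the struct and function names, and the two sample bitstreams are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_REF_PIC_MARKING 10  /* assumed capacity of the fixed-size array */
typedef struct { const uint8_t *data; size_t len, pos; } BitReader;
typedef struct { unsigned mmco, arg1, arg2; } RefPicMarking;
typedef struct { unsigned n; RefPicMarking ops[MAX_REF_PIC_MARKING]; } DecRefPicMarking;
/* Constructed sample streams (not real captures), MSB-first Exp-Golomb codes. */
static const uint8_t kTooMany[7] = {0x31,0x8C,0x63,0x18,0xC6,0x31,0x8D}; /* 11 x mmco=5, then mmco=0 */
static const uint8_t kValid[2]   = {0x44,0x34};                          /* mmco=1 (diff 3), mmco=5, mmco=0 */

/* Read one bit MSB-first; -1 once the input is exhausted. */
static int read_bit(BitReader *br) {
  if (br->pos >= br->len * 8) return -1;
  int b = (br->data[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
  br->pos++;
  return b;
}
/* Unsigned Exp-Golomb ue(v); -1 on a truncated or absurdly long code. */
static long read_ue(BitReader *br) {
  int zeros = 0, b;
  while ((b = read_bit(br)) == 0)
    if (++zeros > 31) return -1;
  if (b < 0) return -1;
  long val = 0;
  for (int i = 0; i < zeros; i++) {
    if ((b = read_bit(br)) < 0) return -1;
    val = (val << 1) | b;
  }
  return (1L << zeros) - 1 + val;
}
/* Parse the adaptive marking loop (mmco ... until mmco == 0). Returns the number
 * of operations stored, or -1 for malformed input, including more operations than
 * the array can hold: that is the case a parser must refuse instead of writing. */
int parse_dec_ref_pic_marking(const uint8_t *data, size_t len, DecRefPicMarking *out) {
  BitReader br = { data, len, 0 };
  out->n = 0;
  for (;;) {
    long mmco = read_ue(&br), v;
    if (mmco < 0 || mmco > 6) return -1;          /* truncated, or outside the spec's 0..6 */
    if (mmco == 0) break;
    if (out->n >= MAX_REF_PIC_MARKING) return -1; /* the bound check: stop before the array end */
    RefPicMarking *op = &out->ops[out->n];
    op->mmco = (unsigned) mmco; op->arg1 = op->arg2 = 0;
    /* mmco 1,3: difference_of_pic_nums_minus1; 2: long_term_pic_num; 4: max_long_term_frame_idx_plus1; 6: long_term_frame_idx */
    if (mmco != 5) { if ((v = read_ue(&br)) < 0) return -1; op->arg1 = (unsigned) v; }
    if (mmco == 3) { if ((v = read_ue(&br)) < 0) return -1; op->arg2 = (unsigned) v; } /* second field of mmco 3 */
    out->n++;
  }
  return (int) out->n;
}
```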

Comment 10 Wade Mealing 2021-01-20 02:41:56 UTC
Created gstreamer1-plugins-bad-free tracking bugs for this issue:

Affects: fedora-all [bug 1918094]