Bug 1396645 - vmncdec - integer overflow in the allocation of the render buffer (no CVE yet)
Keywords:
Status: CLOSED DUPLICATE of bug 1395768
Alias: None
Product: Fedora
Classification: Fedora
Component: gstreamer-plugins-bad-free
Version: 24
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Benjamin Otte
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-11-18 20:00 UTC by samoht0
Modified: 2016-11-21 07:24 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-11-21 07:24:46 UTC
Type: Bug
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
GNOME Bugzilla | 774533 | 0 | None | None | None | 2016-11-18 20:01:47 UTC

Description samoht0 2016-11-18 20:00:50 UTC
Description of problem:

Security issue as described above and here:

https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html

Fixed with this commit:

https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe

See also:

https://bugzilla.gnome.org/show_bug.cgi?id=774533

Version-Release number of selected component (if applicable):

gstreamer1-plugins-bad-free-1.8.3-1.fc24

Comment:

Apart from the fact that the mentioned crash needs 3rd-party software installed in Fedora (Google Chrome), it would also be triggered if a prepared file gets into the Home folder in other ways. That's why I've chosen to set the severity to high.

Comment 1 Andrej Nemec 2016-11-21 07:24:46 UTC

*** This bug has been marked as a duplicate of bug 1395768 ***

