1917192 – (CVE-2021-3185) CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking

Bug 1917192 (CVE-2021-3185) - CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking

Summary: CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-3185
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1917225 1917227 1918094
Blocks:	1913407
TreeView+	depends on / blocked

Reported:	2021-01-18 00:08 UTC by Wade Mealing
Modified:	2021-11-08 01:28 UTC (History)
CC List:	5 users (show)
Fixed In Version:	gst-plugins-bad-1.18.1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the gstreamer h264 component where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption to occur, and possibly code execution.
Clone Of:
Environment:
Last Closed:	2021-11-08 01:28:15 UTC
Embargoed:

Attachments	(Terms of Use)

Description Wade Mealing 2021-01-18 00:08:56 UTC

A flaw was found in the gstreamer parsing code in the function gst_h264_slice_parse_dec_ref_pic_marking.  An attacker able to trigger this section of code can cause a buffer overflow possibly overflowing the element on the stack leading to memory corruption.

Upstream fix:
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc

Comment 10 Wade Mealing 2021-01-20 02:41:56 UTC

Created gstreamer1-plugins-bad-free tracking bugs for this issue:

Affects: fedora-all [bug 1918094]

Note You need to log in before you can comment on or make changes to this bug.