fuzzed mpeg causes segfault in gstreamer
Bug #164940 reported by
Stephen Cook
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GStreamer |
Fix Released
|
Critical
|
|||
| gst-plugins-base0.10 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
I was able to get totem (my quick diagnosis puts the bug in gstreamer) to segfault when fuzzing an mpeg.
This bug might be a security bug. I have not looked at the source code to see why it crashed.
Revision history for this message
| Stephen Cook (siti) wrote | #1 |
Revision history for this message
| Pedro Villavicencio (pedro) wrote | #2 |
| Changed in gstreamer0.10: | |
| status: | Confirmed → Invalid |
Revision history for this message
| Craig (candrews-integralblue) wrote | #3 |
| Changed in gstreamer0.10: | |
| status: | Invalid → Confirmed |
| Changed in gstreamer: | |
| status: | Unknown → New |
| Changed in gstreamer0.10: | |
| importance: | Undecided → Medium |
| status: | Confirmed → Triaged |
| Changed in gstreamer: | |
| status: | New → Fix Released |
Revision history for this message
| Sebastien Bacher (seb128) wrote | #4 |
| affects: | gstreamer0.10 (Ubuntu) → gst-plugins-base0.10 (Ubuntu) |
| Changed in gst-plugins-base0.10 (Ubuntu): | |
| status: | Triaged → Fix Committed |
Revision history for this message
| Sebastien Bacher (seb128) wrote | #5 |
| Changed in gst-plugins-base0.10 (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Changed in gstreamer: | |
| importance: | Unknown → Critical |
To post a comment you must log in.
Thank you for taking the time to report this bug and helping to make Ubuntu better. However, your crash report is either missing or challenging to deal with as a ".crash" file. Please follow these instuctions to have apport report a new bug about your crash that can be dealt with by the automatic retracer.
If you are using Ubuntu with the Gnome desktop environment - launch nautilus and navigate to your /var/crash directory and double click on the crash report you wish to submit.
I'm closing this bug report since the process outlined above will automatically open a new bug report which can then dealt with more efficiently. Thanks in advance for your cooperation and understanding.