930973 – (GStreamer-SA-2024-0002, ZDI-CAN-23896) media-libs/gst-plugins-base: Integer overflow in EXIF metadata parser leading to potential heap overwrite

Bug 930973 (GStreamer-SA-2024-0002, ZDI-CAN-23896) - media-libs/gst-plugins-base: Integer overflow in EXIF metadata parser leading to potential heap overwrite

Summary: media-libs/gst-plugins-base: Integer overflow in EXIF metadata parser leading...

Status:	UNCONFIRMED

Alias:	GStreamer-SA-2024-0002, ZDI-CAN-23896

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://gstreamer.freedesktop.org/sec...
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2024-04-30 10:26 UTC by jospezial
Modified:	2024-05-09 11:18 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jospezial 2024-04-30 10:26:14 UTC

https://gstreamer.freedesktop.org/security/sa-2024-0002.html
"Details

Heap-based buffer overflow in the EXIF image tag parser when handling certain malformed streams before GStreamer 1.24.3 or 1.22.12.
Impact

It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
Solution

The gst-plugins-base 1.24.3 and 1.22.12 releases address the issue. People using older branches of GStreamer should apply the patch and recompile."

Comment 1 jospezial 2024-04-30 19:05:51 UTC

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1ceedfd2c1af3f1ff539d88a120296ffae85e0b2
"exiftag: Prevent integer overflows and out of bounds reads when handling undefined tags"