Search...

gstreamer/gst-discoverer: Heap-buffer-overflow in tap_type_find

2018-05-06T08:21:21

ID OSSFUZZ-8159
Type ossfuzz
Reporter Google
Modified 2018-06-07T15:21:05

Description

Project: https://anongit.freedesktop.org/git/gstreamer/gstreamer

Detailed report: https://oss-fuzz.com/testcase?key=5192041649668096

Project: gstreamer Fuzzer: libFuzzer_gstreamer_gst-discoverer Fuzz target binary: gst-discoverer Job Type: libfuzzer_asan_gstreamer Platform Id: linux

Crash Type: Heap-buffer-overflow READ 12 Crash Address: 0x603000001378 Crash State: tap_type_find gst_type_find_factory_call_function gst_type_find_helper_for_data

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_gstreamer&range=201805050441:201805060442

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5192041649668096

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.

When you fix this bug, please * mention the fix revision(s). * state whether the bug was a short-lived regression or an old bug in any stable releases. * add any other useful information. This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.

JSON Vulners Source

Initial Source

{"id": "OSSFUZZ-8159", "type": "ossfuzz", "bulletinFamily": "software", "title": "gstreamer/gst-discoverer: Heap-buffer-overflow in tap_type_find", "description": "Project:\nhttps://anongit.freedesktop.org/git/gstreamer/gstreamer\n\nDetailed report: https://oss-fuzz.com/testcase?key=5192041649668096\n\nProject: gstreamer\nFuzzer: libFuzzer_gstreamer_gst-discoverer\nFuzz target binary: gst-discoverer\nJob Type: libfuzzer_asan_gstreamer\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 12\nCrash Address: 0x603000001378\nCrash State:\n tap_type_find\n gst_type_find_factory_call_function\n gst_type_find_helper_for_data\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_gstreamer&range=201805050441:201805060442\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5192041649668096\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.", "published": "2018-05-06T08:21:21", "modified": "2018-06-07T15:21:05", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8159", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-04-04T21:08:55", "viewCount": 1, "enchantments": {"dependencies": {}, "score": {"value": -0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "osv", "idList": ["OSV:2018-42", "OSV:OSV-2018-42"]}]}, "exploitation": null, "vulnersScore": -0.6}, "ossfuzz": {"issue": 8159, "status": "Verified", "project": "gstreamer", "ref": "https://oss-fuzz.com/revisions?job=libfuzzer_asan_gstreamer&range=201805060442:201805071602", "crashType": "Heap-buffer-overflow READ 12", "revisions": ["4fb02fc85b70be631f5331b2547e5dc61ef7a43a:80dfb7bb3f415dac465f89f8945a1546c4fcc280"], "project_repos": ["https://anongit.freedesktop.org/git/gstreamer/gstreamer"], "tags": ["1.16.0", "1.15.90", "1.15.2", "1.15.1", "1.14.0", "1.13.91", "1.13.90", "1.13.1", "1.12.0", "1.11.91", "1.11.90", "1.11.2", "1.11.1", "1.11.0", "1.10.0", "1.9.90", "1.9.2", "1.9.1", "1.8.0", "1.7.91", "1.7.90", "1.7.2", "1.7.1", "1.6.0", "1.5.91", "1.5.90", "1.5.2", "1.5.1", "1.4.0", "1.3.91", "1.3.90", "1.3.3", "1.3.2", "1.3.1", "1.2.0", "1.1.90", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.0.2", "1.0.1", "1.0.0", "0.11.99", "0.11.94", "0.11.93", "0.11.92", "0.11.91", "0.11.90", "0.11.2", "0.11.1", "0.11.0", "0.10.35", "0.10.34", "0.10.33", "0.10.32", "0.10.31", "0.10.30", "0.10.29", "0.10.28", "0.10.27", "0.10.26", "0.10.25", "0.10.24", "0.10.23", "0.10.22", "0.10.21", "0.10.20", "0.10.18", "0.10.17", "0.10.16", "0.10.15", "0.10.14", "0.10.13", "0.10.12", "0.10.11", "0.10.10", "0.10.9", "0.10.8", "0.10.7", "0.10.6", "0.10.5", "0.10.4", "0.10.3", "0.10.2", "0.10.1", "0.10.0", "0.9.7", "0.9.6", "0.9.5", "0.9.4", "0.9.3", "0.9.2", "0.8-ROOT", "0.6-ROOT", "0.8.9", "0.8.8", "0.8.7", "0.8.6", "0.8.4", "0.8.3", "0.8.2", "0.8.1", "0.8.0", "0.7.6", "0.7.5-ROOT", "0.7.4-ROOT", "0.7.3", "0.7.2", "0.7.2-ROOT", "0.7.1", "0.5.2-ROOT", "0.5.1-ROOT", "0.5.0-ROOT", "0.4.2-ROOT", "0.4.1-ROOT", "0.4.0-ROOT", "0.3.4-ROOT", "0.3.3-ROOT", "0.3.2-DOBDAY", "0.3.1-1", "0.3.1-BELGIANBEER", "0.3.0-EVENTFUL", "0.2.1-UNKN", "0.2.0-CRITICALMASS", "0.1.1-DUCTTAPE", "0.1.0-SLIPSTREAM"]}, "affectedSoftware": [{"name": "gstreamer", "version": "1.14.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.13.91", "operator": "eq"}, {"name": "gstreamer", "version": "1.13.90", "operator": "eq"}, {"name": "gstreamer", "version": "1.13.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.12.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.11.91", "operator": "eq"}, {"name": "gstreamer", "version": "1.11.90", "operator": "eq"}, {"name": "gstreamer", "version": "1.11.2", "operator": "eq"}, {"name": "gstreamer", "version": "1.11.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.11.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.10.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.9.90", "operator": "eq"}, {"name": "gstreamer", "version": "1.9.2", "operator": "eq"}, {"name": "gstreamer", "version": "1.9.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.8.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.7.91", "operator": "eq"}, {"name": "gstreamer", "version": "1.7.90", "operator": "eq"}, {"name": "gstreamer", "version": "1.7.2", "operator": "eq"}, {"name": "gstreamer", "version": "1.7.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.6.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.5.91", "operator": "eq"}, {"name": "gstreamer", "version": "1.5.90", "operator": "eq"}, {"name": "gstreamer", "version": "1.5.2", "operator": "eq"}, {"name": "gstreamer", "version": "1.5.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.4.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.3.91", "operator": "eq"}, {"name": "gstreamer", "version": "1.3.90", "operator": "eq"}, {"name": "gstreamer", "version": "1.3.3", "operator": "eq"}, {"name": "gstreamer", "version": "1.3.2", "operator": "eq"}, {"name": "gstreamer", "version": "1.3.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.2.0", "operator": "eq"}, {"name": "gstreamer", "version": "1.1.90", "operator": "eq"}, {"name": "gstreamer", "version": "1.1.4", "operator": "eq"}, {"name": "gstreamer", "version": "1.1.3", "operator": "eq"}, {"name": "gstreamer", "version": "1.1.2", "operator": "eq"}, {"name": "gstreamer", "version": "1.1.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.0.2", "operator": "eq"}, {"name": "gstreamer", "version": "1.0.1", "operator": "eq"}, {"name": "gstreamer", "version": "1.0.0", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.99", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.94", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.93", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.92", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.91", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.90", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.2", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.1", "operator": "eq"}, {"name": "gstreamer", "version": "0.11.0", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.35", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.34", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.33", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.32", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.31", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.30", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.29", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.28", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.27", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.26", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.25", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.24", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.23", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.22", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.21", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.20", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.18", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.17", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.16", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.15", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.14", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.13", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.12", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.11", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.10", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.9", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.8", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.7", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.6", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.5", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.4", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.3", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.2", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.1", "operator": "eq"}, {"name": "gstreamer", "version": "0.10.0", "operator": "eq"}, {"name": "gstreamer", "version": "0.9.7", "operator": "eq"}, {"name": "gstreamer", "version": "0.9.6", "operator": "eq"}, {"name": "gstreamer", "version": "0.9.5", "operator": "eq"}, {"name": "gstreamer", "version": "0.9.4", "operator": "eq"}, {"name": "gstreamer", "version": "0.9.3", "operator": "eq"}, {"name": "gstreamer", "version": "0.9.2", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.9", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.8", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.7", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.6", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.4", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.3", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.2", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.1", "operator": "eq"}, {"name": "gstreamer", "version": "0.8.0", "operator": "eq"}, {"name": "gstreamer", "version": "0.8-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.7.6", "operator": "eq"}, {"name": "gstreamer", "version": "0.7.5-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.7.4-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.7.3", "operator": "eq"}, {"name": "gstreamer", "version": "0.7.2", "operator": "eq"}, {"name": "gstreamer", "version": "0.7.2-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.7.1", "operator": "eq"}, {"name": "gstreamer", "version": "0.6-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.5.2-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.5.1-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.5.0-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.4.2-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.4.1-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.4.0-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.3.4-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.3.3-ROOT", "operator": "eq"}, {"name": "gstreamer", "version": "0.3.2-DOBDAY", "operator": "eq"}, {"name": "gstreamer", "version": "0.3.1-1", "operator": "eq"}, {"name": "gstreamer", "version": "0.3.1-BELGIANBEER", "operator": "eq"}, {"name": "gstreamer", "version": "0.3.0-EVENTFUL", "operator": "eq"}, {"name": "gstreamer", "version": "0.2.1-UNKN", "operator": "eq"}, {"name": "gstreamer", "version": "0.2.0-CRITICALMASS", "operator": "eq"}, {"name": "gstreamer", "version": "0.1.1-DUCTTAPE", "operator": "eq"}, {"name": "gstreamer", "version": "0.1.0-SLIPSTREAM", "operator": "eq"}], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645808118}}