Gstreamer 1.10.1 Denial Of Service Execute Code Overflow Vulnerability
19 Jul. 2017
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
* Linux 8
* Gstreamer 1.10.1
* Redhat Enterprise Linux Desktop 6
* Redhat Enterprise Linux Hpc Node 6
* Redhat Enterprise Linux Server 6
* Redhat Enterprise Linux Workstation 6
A powerful heap corruption vulnerability exists in the gstreamer decoder for the FLIC file format. Presented here is an 0day exploit for this vulnerability.
This decoder is generally present in the default install of modern Linux desktops, including Ubuntu 16.04 and Fedora 24. Gstreamer classifies its decoders as good, bad or ugly. Despite being quite buggy, and not being a format at all necessary on a modern desktop, the FLIC decoder is classified as good, almost guaranteeing its presence in default Linux installs.
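The description above attributes the overflow to a start_line value that comes from the file. As an added example (not GStreamer's code and not the upstream patch), this C decoder for a hypothetical, simplified delta-line chunk shows the bounds checks such a parser needs before it writes into the frame buffer. The chunk layout, `decode_delta` and the `reader` helpers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified delta-line chunk; not the GStreamer source.
 * Assumed layout: u16 start_line, u16 lines, then per line: u8 packet
 * count, and per packet: u8 skip, u8 n, followed by n literal bytes. */
typedef struct { const uint8_t *p; size_t left; } reader;

static int rd_u8(reader *r, uint8_t *v) {
    if (r->left < 1) return 0;          /* never read past the chunk */
    *v = *r->p++; r->left--;
    return 1;
}

static int rd_u16le(reader *r, uint16_t *v) {
    uint8_t lo, hi;
    if (!rd_u8(r, &lo) || !rd_u8(r, &hi)) return 0;
    *v = (uint16_t)(lo | (hi << 8));
    return 1;
}

/* Returns 1 on success, 0 if the chunk would read or write out of bounds.
 * frame must hold width * height bytes. */
int decode_delta(const uint8_t *chunk, size_t chunk_len,
                 uint8_t *frame, uint16_t width, uint16_t height)
{
    reader r = { chunk, chunk_len };
    uint16_t start_line, lines;

    if (!rd_u16le(&r, &start_line) || !rd_u16le(&r, &lines)) return 0;
    /* Both values are attacker-controlled: validate them against the
     * frame height before they are used to compute a write offset. */
    if (start_line >= height || lines > height - start_line) return 0;

    for (uint16_t y = start_line; y < start_line + lines; y++) {
        uint8_t packets, skip, n;
        size_t x = 0;
        if (!rd_u8(&r, &packets)) return 0;
        while (packets--) {
            if (!rd_u8(&r, &skip) || !rd_u8(&r, &n)) return 0;
            x += skip;
            /* Bound the column and the remaining input before copying. */
            if (x > width || n > width - x || r.left < n) return 0;
            memcpy(frame + (size_t)y * width + x, r.p, n);
            r.p += n; r.left -= n; x += n;
        }
    }
    return 1;
}
```

Without the `start_line` and `lines` check, the row offset `y * width` is computed from file data alone and can point past the end of the heap allocation.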