Upstream does not consider this a security vulnerability. Disclosing and unmarking private.
** Information type changed from Private Security to Public

https://bugs.launchpad.net/bugs/1404557

Title:
  [DoS] GStreamer hangs when given this malformed file

Status in gstreamer1.0 package in Ubuntu:
  New

Bug description:
  Anything based on GStreamer hangs when given the attached video file
  for playback. Tested on gst-play-1.0, shotwell-video-thumbnailer,
  Audience and Totem. Depending on the application this can be
  accompanied by huge memory usage or significant CPU usage.

  According to debug output from gst-play-1.0, GStreamer goes into an
  infinite loop.

  This can cause denial of service in applications that do not enforce
  resource limits and operation timeouts - which, admittedly, can be
  hard to do for video.

  The bug was found by American Fuzzy Lop after fuzzing
  shotwell-video-thumbnailer for 5 minutes.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: libgstreamer1.0-0 1.2.4-0ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
  Uname: Linux 3.13.0-43-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sat Dec 20 23:51:03 2014
  InstallationDate: Installed on 2014-12-19 (0 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  SourcePackage: gstreamer1.0
  UpgradeStatus: No upgrade log present (probably fresh install)
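
The report's point about applications that do not enforce resource limits and operation timeouts, as an added example (not from the bug report or from GStreamer): a Linux wrapper that runs a media helper such as a thumbnailer under CPU, address-space and wall-clock limits. `run_confined` and its parameters are hypothetical names, and the child commands in the demo are constructed stand-ins for a decoder stuck in a loop.

```python
import os
import resource
import signal
import subprocess
import sys


def run_confined(argv, wall_timeout=10.0, cpu_seconds=5, mem_bytes=1 << 30):
    """Run argv under CPU, address-space and wall-clock limits.

    Returns "ok", "failed", "cpu-limit" or "timeout".
    """
    def set_limits():
        # Runs in the child after fork() and before exec().
        # Soft limit raises SIGXCPU; the hard limit one second later is SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))

    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        start_new_session=True,  # own process group, so helper children die too
        preexec_fn=set_limits,
    )
    try:
        proc.wait(timeout=wall_timeout)
    except subprocess.TimeoutExpired:
        # A hang that burns no CPU (e.g. blocked forever) is caught here.
        os.killpg(proc.pid, signal.SIGKILL)
        proc.wait()
        return "timeout"
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "cpu-limit"
    return "ok" if proc.returncode == 0 else "failed"


if __name__ == "__main__":
    # Constructed stand-ins for a helper process; not real decoder invocations.
    busy_loop = [sys.executable, "-c", "while True: pass"]
    blocked = [sys.executable, "-c", "import time; time.sleep(60)"]
    print(run_confined(busy_loop, wall_timeout=10, cpu_seconds=1))
    print(run_confined(blocked, wall_timeout=0.5))
```

The CPU limit stops a spinning decoder, the address-space limit bounds the memory growth the report mentions, and the wall-clock timeout covers hangs that consume neither.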