Bug 1024076 – VUL-1: CVE-2017-5837: gstreamer-0_10-plugins-base,gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps

Bug 1024076 - (CVE-2017-5837) VUL-1: CVE-2017-5837: gstreamer-0_10-plugins-base,gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps

(CVE-2017-5837)
Summary:	VUL-1: CVE-2017-5837: gstreamer-0_10-plugins-base,gstreamer-plugins-base: Fl...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/179860/
Whiteboard:	CVSSv2:NVD:CVE-2017-5837:4.3:(AV:N/AC...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-02-07 16:00 UTC by Matthias Gerstner
Modified:	2020-05-12 18:00 UTC (History)
CC List:	9 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Gerstner 2017-02-07 16:00:21 UTC

A crafted RIFF container can cause a floating point exception.

upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=777262
upstream commit: https://github.com/GStreamer/gst-plugins-base/commit/81d3ba3fa212bb25fe2ac661993887c4b69af6f1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1419584
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5837
http://seclists.org/oss-sec/2017/q1/284
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5837.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837
https://bugzilla.gnome.org/show_bug.cgi?id=777957
https://bugzilla.gnome.org/show_bug.cgi?id=777955

Comment 1 Matthias Gerstner 2017-02-07 16:03:47 UTC

We can't directly reproduce this issue, because the PoC file from the reporter
is an ASF file. The ASF decoder is only in gstreamer-plugins-ugly, which are
only shipped in openSUSE, and there the ASF decoder has been removed from the
sources.

The upstream bugfix, however, is within gstreamer-plugins-base and does in
principle apply to all codestreams of gstreamer-plugins-base and
gstreamer-0_10-plugins-base:

[affected]

gstreamer-plugins-base

SUSE:SLE-12-SP2:Update/gstreamer-plugins-base/gst-plugins-base-1.8.3/gst-libs/gst/riff/riff-media.c:1651,1684
SUSE:SLE-12:Update/gstreamer-plugins-base/gst-plugins-base-1.2.4/gst-libs/gst/riff/riff-media.c:1593,1626

gstreamer-0_10-plugins-base

SUSE:SLE-12-SP2:Update/gstreamer-0_10-plugins-base/gst-plugins-base-0.10.36/gst-libs/gst/riff/riff-media.c:1497,1543
SUSE:SLE-12:Update/gstreamer-0_10-plugins-base/gst-plugins-base-0.10.36/gst-libs/gst/riff/riff-media.c:1498,1544
SUSE:SLE-11-SP2:Update/gstreamer-0_10-plugins-base/gst-plugins-base-0.10.35/gst-libs/gst/riff/riff-media.c:1498,1544
SUSE:SLE-11-SP1:Update/gstreamer-0_10-plugins-base/gst-plugins-base-0.10.25/gst-libs/gst/riff/riff-media.c:1402,1448

openSUSE:Leap:42.2:Update/gstreamer-0_10-plugins-base/gst-plugins-base-0.10.36/gst-libs/gst/riff/riff-media.c:1498,1544

As it might be possible to create different media formats that trigger the bug
in RIFF container parsing we should address this issue.

Comment 2 Swamp Workflow Management 2017-02-07 23:03:11 UTC

bugbot adjusting priority

Comment 4 Bernhard Wiedemann 2017-02-20 11:02:24 UTC

This is an autogenerated message for OBS integration:
This bug (1024076) was mentioned in
https://build.opensuse.org/request/show/459181 42.1 / gstreamer-plugins-base

Comment 5 Antonio Larrosa 2017-02-20 12:24:08 UTC

For gstreamer-plugins-base:
http://build.suse.de/request/show/128291 for SLE-12-SP2 (will go automatically to 42.2)
http://build.suse.de/request/show/128292 for SLE-12
http://build.opensuse.org/request/show/459181 for Leap 42.1

For gstreamer-0_10-plugins-base:
http://build.suse.de/request/show/128295 for SLE-12-SP2 (will go automatically to 42.2)
http://build.suse.de/request/show/128296 for SLE-12 (will go automatically to 42.1)

Comment 6 Swamp Workflow Management 2017-02-28 23:08:34 UTC

openSUSE-SU-2017:0574-1: An update that fixes four vulnerabilities is now available.

Category: security (low)
Bug References: 1024041,1024047,1024076,1024079
CVE References: CVE-2017-5837,CVE-2017-5839,CVE-2017-5842,CVE-2017-5844
Sources used:
openSUSE Leap 42.1 (src):    gstreamer-plugins-base-1.4.5-8.1

Comment 7 Swamp Workflow Management 2017-04-13 13:09:53 UTC

SUSE-SU-2017:1003-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1024076,1024079
CVE References: CVE-2017-5837,CVE-2017-5844
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    gstreamer-0_10-plugins-base-0.10.36-17.13
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gstreamer-0_10-plugins-base-0.10.36-17.13
SUSE Linux Enterprise Server 12-SP2 (src):    gstreamer-0_10-plugins-base-0.10.36-17.13
SUSE Linux Enterprise Desktop 12-SP2 (src):    gstreamer-0_10-plugins-base-0.10.36-17.13

Comment 8 Swamp Workflow Management 2017-04-13 13:15:14 UTC

SUSE-SU-2017:1012-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1024076,1024079
CVE References: CVE-2017-5837,CVE-2017-5844
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gstreamer-0_10-plugins-base-0.10.36-11.6.9
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gstreamer-0_10-plugins-base-0.10.36-11.6.9
SUSE Linux Enterprise Server 12-SP1 (src):    gstreamer-0_10-plugins-base-0.10.36-11.6.9
SUSE Linux Enterprise Desktop 12-SP1 (src):    gstreamer-0_10-plugins-base-0.10.36-11.6.9

Comment 9 Swamp Workflow Management 2017-04-18 13:09:14 UTC

SUSE-SU-2017:1039-1: An update that fixes four vulnerabilities is now available.

Category: security (low)
Bug References: 1024041,1024047,1024076,1024079
CVE References: CVE-2017-5837,CVE-2017-5839,CVE-2017-5842,CVE-2017-5844
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Server 12-SP2 (src):    gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Desktop 12-SP2 (src):    gstreamer-plugins-base-1.8.3-12.11

Comment 10 Swamp Workflow Management 2017-04-18 13:11:07 UTC

SUSE-SU-2017:1041-1: An update that fixes four vulnerabilities is now available.

Category: security (low)
Bug References: 1024041,1024047,1024076,1024079
CVE References: CVE-2017-5837,CVE-2017-5839,CVE-2017-5842,CVE-2017-5844
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Server 12-SP1 (src):    gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12-SP1 (src):    gstreamer-plugins-base-1.2.4-2.6.8

Comment 11 Swamp Workflow Management 2017-04-20 16:09:29 UTC

openSUSE-SU-2017:1079-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 1024076,1024079
CVE References: CVE-2017-5837,CVE-2017-5844
Sources used:
openSUSE Leap 42.1 (src):    gstreamer-0_10-plugins-base-0.10.36-17.1

Comment 12 Swamp Workflow Management 2017-04-26 16:10:48 UTC

openSUSE-SU-2017:1106-1: An update that fixes four vulnerabilities is now available.

Category: security (low)
Bug References: 1024041,1024047,1024076,1024079
CVE References: CVE-2017-5837,CVE-2017-5839,CVE-2017-5842,CVE-2017-5844
Sources used:
openSUSE Leap 42.2 (src):    gstreamer-plugins-base-1.8.3-5.3.2

Comment 13 Marcus Meissner 2018-09-10 13:40:16 UTC

released

Comment 17 Swamp Workflow Management 2019-06-11 13:11:59 UTC

SUSE-SU-2019:14076-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1024076,1024079,1133375
CVE References: CVE-2017-5837,CVE-2017-5844,CVE-2019-9928
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    gstreamer-0_10-plugins-base-0.10.35-5.18.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    gstreamer-0_10-plugins-base-0.10.35-5.18.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    gstreamer-0_10-plugins-base-0.10.35-5.18.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Alexandros Toptsoglou 2019-12-13 15:18:55 UTC

all released