Posted by Joshua on Dec 09

Gstreamer ID3v2 v1.0 – Out of Bounds Read

A maliciously crafted ID3v2-tagged file enables an out-of-bounds memory read against Gstreamer 1.0.

The Gstreamer ID3v2 implementation uses arbitrarily supplied data to generate buffers for the ID3v2 object and frames.
By providing a maliciously crafted file with a null length in the ID3v2 header and an arbitrarily set length in the
succeeding frame it is possible to generate an out of bounds read. An…