Archiloque

Code and otters

  • Security: [0day] [PoC] Incorrect fix for gstreamer FLIC decoder vulnerability CESA-2016-0004
    https://scarybeastsecurity.blogspot.fr/2016/11/0day-poc-incorrect-fix-for-gstreamer.html

    Recently (Nov 21st, 2016), I published an 0day exploit against the gstreamer FLIC decoder, here on my blog.

    The response time from gstreamer upstream was impressive: a patch in 1 day or so that fixed not only the immediate issue but also some similar bugs in other functions in the decoder. More on those other bugs in another post. Here is the git commit.

    The response from Ubuntu, one of the distributions I use, was also fast. On Nov 22nd 2016, they published a gstreamer advisory: USN-3135-1. At the time of writing — Nov 24th, 2016 — I am not being offered patches for my Fedora 24 or Fedora 25 installs, by way of contrast.

    Unfortunately, the fix was not 100% correct. Presented here is an 0day PoC (PoC, not exploit!) for the remaining memory corruption issue, along with a description of the code error.