GStreamer
cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*
- Affected versions: < 1.26.2
A null pointer dereference vulnerability has been identified in the GStreamer subparse plugin, specifically in the 'subrip_unescape_formatting' function. This issue arises when the function attempts to parse a subtitle file and dereferences a NULL pointer, leading to a crash. The vulnerability is present in GStreamer versions through 1.26.1.
Exploitation of this vulnerability causes a crash by dereferencing a NULL pointer, disrupting the application's normal operation.
The vulnerability can be reproduced by using the GStreamer command-line tools or by creating a simple GStreamer application that includes the 'subparse' plugin. The 'filesrc' element can be used to specify a subtitle file that triggers the vulnerability. When the pipeline is set to 'PLAYING', the 'subrip_unescape_formatting' function will be called, and if the input file is crafted to cause a NULL pointer dereference, GStreamer will crash.
Users can upgrade to GStreamer versions 1.26.2 or later, where this vulnerability has been fixed. For those using older versions, patch files are available.
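To check a host against the fixed release mentioned above, the following added example (not part of the original advisory or of the GStreamer project) reads the version reported by `gst-inspect-1.0 subparse` and compares it numerically with 1.26.2. It assumes the plugin's reported version tracks the GStreamer release; a distribution build that carries a backported patch will still report its older version, so "affected" here means "verify the package changelog". The sample output is constructed.

```shell
#!/bin/sh
# Added example: classify the installed subparse plugin against the fixed release.
FIXED="1.26.2"   # first fixed version, taken from the advisory text

# Extract the plugin version from `gst-inspect-1.0 subparse` output on stdin.
subparse_version() {
    sed -n 's/^[[:space:]]*Version[[:space:]][[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed when $1 is lower than $2, comparing dot-separated fields numerically.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi != yi) exit (xi < yi ? 0 : 1)
        }
        exit 1
    }'
}

# Print "affected", "fixed" or "unknown" for a version string.
classify() {
    case "$1" in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if version_lt "$1" "$FIXED"; then echo "affected"; else echo "fixed"; fi
}

# Constructed sample of the relevant part of `gst-inspect-1.0 subparse` output.
SAMPLE='Plugin Details:
  Name                     subparse
  Version                  1.24.8
  Source module            gst-plugins-base'

# Query the local installation, if the tool and the plugin are present.
check_subparse() {
    command -v gst-inspect-1.0 >/dev/null 2>&1 || { echo "gst-inspect-1.0 not found"; return 0; }
    out=$(gst-inspect-1.0 subparse 2>/dev/null) || { echo "subparse plugin not installed"; return 0; }
    v=$(printf '%s\n' "$out" | subparse_version)
    echo "subparse ${v:-?}: $(classify "$v")"
}

echo "sample: $(classify "$(printf '%s\n' "$SAMPLE" | subparse_version)")"
check_subparse
```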