GStreamer
cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*
- < 1.26.2
A null pointer dereference vulnerability has been identified in the GStreamer subparse plugin, specifically in the 'tmplayer_parse_line' function. This issue arises when the function attempts to parse a subtitle file and dereferences a pointer that can be null, leading to a crash. The vulnerability is present in GStreamer versions through 1.26.1.
Exploitation of this vulnerability leads to a crash of the GStreamer application, causing a denial of service.
The vulnerability can be reproduced by using GStreamer to process a subtitle file that triggers the null pointer dereference. This can be done by creating a GStreamer pipeline that includes the 'subparse' plugin and linking it to a source element that reads the crafted subtitle file. The 'tmplayer_parse_line' function will attempt to append text from the 'text_start' pointer to a buffer, resulting in a crash if the pointer is null.
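The null check that this class of bug calls for, as an added C example that is not GStreamer's source code. The function name parse_timed_line, the "H:MM:SS:text" line layout, and the way the pointer becomes null (a missing divider) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative parser, not GStreamer code. Assumed layout: "H:MM:SS:text".
 * Returns 0 and copies the text into out, or -1 for a malformed line. */
int parse_timed_line(const char *line, char *out, size_t outsz)
{
    unsigned h, m, s;
    const char *text_start;
    size_t len;
    int i;

    if (line == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';

    /* sscanf() returns the number of converted fields (3 here) even when
     * the trailing ':' literal is absent, so a successful scan does not
     * prove that a divider follows the timestamp. */
    if (sscanf(line, "%u:%u:%u:", &h, &m, &s) != 3)
        return -1;

    /* Step past three ':' dividers; strchr() returns NULL as soon as one
     * is missing, and that result must be checked before it is used. */
    text_start = line;
    for (i = 0; i < 3; i++) {
        text_start = strchr(text_start, ':');
        if (text_start == NULL)
            return -1;      /* reject the line instead of dereferencing NULL */
        text_start++;
    }

    len = strlen(text_start);
    if (len >= outsz)       /* bounded copy: refuse text that does not fit */
        return -1;
    memcpy(out, text_start, len + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample lines: the second has a timestamp but no divider. */
    const char *samples[] = { "0:00:01:Hello", "0:00:01" };
    char buf[64];
    for (size_t i = 0; i < 2; i++)
        printf("%-16s -> %d\n", samples[i], parse_timed_line(samples[i], buf, sizeof buf));
    return 0;
}
```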
Users can upgrade to GStreamer versions 1.26.2 or later, where this vulnerability has been patched. For those using older versions, a patch is available.