Re: obs 30.2.0 or later: double-free on exit

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Đoàn Trần Công Danh" <congdanhqx@gmail.com>
To: Alan Coopersmith <alan.coopersmith@oracle.com>
Cc: distributions@lists.linux.dev
Subject: Re: obs 30.2.0 or later: double-free on exit
Date: Tue, 30 Jul 2024 15:32:57 +0700	[thread overview]
Message-ID: <ZqilH5VqzZNpa6rl@danh.dev> (raw)
In-Reply-To: <a9f3906b-9db5-4c90-ae56-d82825eee6cc@oracle.com>

On 2024-07-26 10:41:21-0700, Alan Coopersmith <alan.coopersmith@oracle.com> wrote:
> On 7/26/24 01:28, Đoàn Trần Công Danh wrote:
> > I'm not sure if this mail should be sent to distros@
> > If yes, please help me forward it!
> 
> If you mean distros@vs.openwall.com, then no, this mail should not be sent
> there.   That mailing list is only for non-public, temporarily-embargoed
> security information to be shared a short time before it goes public.

Understood!

> But since I'm not familiar with obs-studio, I don't know if there's any
> actual security exposure here to make it on-topic for the oss-security
> mailing list.  While you've described a bug that can crash the program,
> what can an attacker do to exploit it?  What will the attacker be able
> to do that they couldn't already do?

The double-free also happens with built-in plugins, (IOW, the plugins
that must be shipped together with obs-studio).  Hence, the
double-free will happens with all installation of obs-studio.

The obs-studio is used to process and broadcast audio files, which
could be used as an attack vector, I think.

-- 
Danh

     prev parent reply	other threads:[~2024-07-30  8:33 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-26  8:28 obs 30.2.0 or later: double-free on exit Đoàn Trần Công Danh
2024-07-26 17:41 ` Alan Coopersmith
2024-07-30  8:32   ` Đoàn Trần Công Danh [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZqilH5VqzZNpa6rl@danh.dev \
    --to=congdanhqx@gmail.com \
    --cc=alan.coopersmith@oracle.com \
    --cc=distributions@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.