Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-1923

Published: 19/07/2022 Updated: 27/06/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Gstreamer

Vulnerability Summary

DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gstreamer project gstreamer

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Red Hat: Moderate: gstreamer1-plugins-good security update
Synopsis Moderate: gstreamer1-plugins-good security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9Red Hat Product Security has ...
Ubuntu Security Notice: USN-5555-1: GStreamer Good Plugins vulnerabilities
Several security issues were fixed in GStreamer Plugins Good ...
Debian Security Advisories: DSA-5204-1 gst-plugins-good1.0 -- security update
Adam Doupe discovered multiple vulnerabilities in the Gstreamer plugins to demux Mastroska and AVI files which could result in denial of service or the execution of arbitrary code For the stable distribution (bullseye), these problems have been fixed in version 1184-2+deb11u1 We recommend that you upgrade your gst-plugins-good10 packages For ...

References

CWE-190https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225https://www.debian.org/security/2022/dsa-5204https://lists.debian.org/debian-lts-announce/2022/08/msg00001.htmlhttps://access.redhat.com/errata/RHSA-2023:2260https://ubuntu.com/security/notices/USN-5555-1https://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5204
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook