CVE-2022-1920Heap-based Buffer Overflow in Gstreamer

CWE-122Heap-based Buffer OverflowCWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds Write7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 78.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GstreamerDebian Gst-plugins-good1.0Debian Linux
Timeline
PublishedJul 19
Latest updateAug 8

Description

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgstreamer/gstreamer< 1.20.3
debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.20.3-1 (bookworm)
CVEListV5gstreamer/gstreamer1.20.3

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: gitlab.freedesktop.orgPatch: gitlab.freedesktop.org

🔴Vulnerability Details

3
OSV
gst-plugins-good1.0 vulnerabilities2022-08-08
GHSA
GHSA-hvfw-pcx7-j7qm: Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files2022-07-20
OSV
CVE-2022-1920: Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files2022-07-19

📋Vendor Advisories

3
Ubuntu
GStreamer Good Plugins vulnerabilities2022-08-08
Red Hat
gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()2022-05-18
Debian
CVE-2022-1920: gst-plugins-good1.0 - Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header ...2022
CVE-2022-1920 — Heap-based Buffer Overflow in Gstreamer | cvebase