CVE-2022-1921Integer Overflow or Wraparound in Gstreamer

CWE-190Integer Overflow or Wraparound7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 86.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GstreamerDebian Gst-plugins-good1.0Debian Linux
Timeline
PublishedJul 19
Latest updateAug 8

Description

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgstreamer/gstreamer< 1.20.3
debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.20.3-1 (bookworm)
CVEListV5gstreamer/gstreamer1.20.3

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: gitlab.freedesktop.orgPatch: gitlab.freedesktop.org

🔴Vulnerability Details

3
OSV
gst-plugins-good1.0 vulnerabilities2022-08-08
GHSA
GHSA-9427-ppcj-49fw: Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files2022-07-20
OSV
CVE-2022-1921: Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files2022-07-19

📋Vendor Advisories

3
Ubuntu
GStreamer Good Plugins vulnerabilities2022-08-08
Red Hat
gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files2022-05-17
Debian
CVE-2022-1921: gst-plugins-good1.0 - Integer overflow in avidemux element in gst_avi_demux_invert function which allo...2022
CVE-2022-1921 — Integer Overflow or Wraparound | cvebase