CVE-2022-2122 – gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression
https://notcve.org/view.php?id=CVE-2022-2122
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. DOS / potencial escritura excesiva de la pila en qtdemux usando descompresión zlib. Desbordamiento de enteros en un elemento de qtdemux en la función qtdemux_inflate que causa un segfault, o podría causar una escritura excesiva de la pila, dependiendo de la libc y el SO. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html https://www.debian.org/security/2022/dsa-5204 https://access.redhat.com/security/cve/CVE-2022-2122 https://bugzilla.redhat.com/show_bug.cgi?id=2131018 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2022-1925 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression
https://notcve.org/view.php?id=CVE-2022-1925
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. DOS / potencial escritura excesiva de la pila en la demuxación de mkv usando la descompresión HEADERSTRIP. Desbordamiento de enteros en el elemento matroskaparse en la función gst_matroska_decompress_data que causa un desbordamiento del montón. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html https://www.debian.org/security/2022/dsa-5204 https://access.redhat.com/security/cve/CVE-2022-1925 https://bugzilla.redhat.com/show_bug.cgi?id=2131007 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2022-1922 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression
https://notcve.org/view.php?id=CVE-2022-1922
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html https://www.debian.org/security/2022/dsa-5204 https://access.redhat.com/security/cve/CVE-2022-1922 https://bugzilla.redhat.com/show_bug.cgi?id=2130955 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2022-1920 – gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
https://notcve.org/view.php?id=CVE-2022-1920
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. Desbordamiento de enteros en el elemento matroskademux en la función gst_matroska_demux_add_wvpk_header que permite una sobreescritura en el montón mientras se analizan los archivos matroska. Potencial para la ejecución de código arbitrario a través de la sobreescritura de la pila. A flaw was found in GStreamer. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226 https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html https://www.debian.org/security/2022/dsa-5204 https://access.redhat.com/security/cve/CVE-2022-1920 https://bugzilla.redhat.com/show_bug.cgi?id=2130935 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2022-2469
https://notcve.org/view.php?id=CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client GNU SASL libgsasl lectura fuera de límites del lado del servidor con cliente GSS-API autenticado malicioso • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2469.json https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30 https://www.debian.org/security/2022/dsa-5189 • CWE-125: Out-of-bounds Read •