CVE-2022-1920 – gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
https://notcve.org/view.php?id=CVE-2022-1920
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. A flaw was found in GStreamer.
• https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
  https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html
  https://www.debian.org/security/2022/dsa-5204
  https://access.redhat.com/security/cve/CVE-2022-1920
  https://bugzilla.redhat.com/show_bug.cgi?id=2130935
• CWE-122: Heap-based Buffer Overflow
  CWE-190: Integer Overflow or Wraparound
  CWE-787: Out-of-bounds Write
CVE-2022-1921 – gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files
https://notcve.org/view.php?id=CVE-2022-1921
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. A flaw was found in GStreamer.
• https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
  https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html
  https://www.debian.org/security/2022/dsa-5204
  https://access.redhat.com/security/cve/CVE-2022-1921
  https://bugzilla.redhat.com/show_bug.cgi?id=2130949
• CWE-190: Integer Overflow or Wraparound
CVE-2021-3522
https://notcve.org/view.php?id=CVE-2021-3522
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
• https://bugzilla.redhat.com/show_bug.cgi?id=1954761
  https://security.gentoo.org/glsa/202208-31
  https://security.netapp.com/advisory/ntap-20211022-0004
  https://www.oracle.com/security-alerts/cpuoct2021.html
• CWE-125: Out-of-bounds Read
CVE-2021-3497 – gstreamer-plugins-good: Use-after-free in matroska demuxing
https://notcve.org/view.php?id=CVE-2021-3497
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
• https://bugzilla.redhat.com/show_bug.cgi?id=1945339
  https://gstreamer.freedesktop.org/security/sa-2021-0002.html
  https://lists.debian.org/debian-lts-announce/2021/04/msg00027.html
  https://security.gentoo.org/glsa/202208-31
  https://www.debian.org/security/2021/dsa-4900
  https://access.redhat.com/security/cve/CVE-2021-3497
• CWE-416: Use After Free
CVE-2019-9928
https://notcve.org/view.php?id=CVE-2019-9928
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html
  http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00082.html
  http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00049.html
  https://gstreamer.freedesktop.org/security
  https://gstreamer.freedesktop.org/security/sa-2019-0001.html
  https://lists.debian.org/debian-lts-announce/2019/04/msg00030.html
  https://lists.debian.org/debian-lts-announce/2019/04/msg00031.html
  https://seclists.org/bugtraq/2019/Apr&
• CWE-787: Out-of-bounds Write