// For flags

CVE-2022-1922

gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.

DOS / escritura excesiva potencial de pila en la demuxación de mkv usando descompresión zlib. Desbordamiento de enteros en el elemento matroskademux en la función gst_matroska_decompress_data que causa un segfault, o podría causar una escritura excesiva de la pila, dependiendo de la libc y el SO. Dependiendo de la libc usada, y de las capacidades del SO subyacente, podría ser sólo un segfault o una escritura excesiva de la pila. Si la libc usa mmap para los trozos grandes, y el SO soporta mmap, entonces es sólo un segfault (porque la reasignación antes del desbordamiento de enteros usará mremap para reducir el tamaño del trozo, y comenzará a escribir en la memoria no mapeada). Sin embargo, si es usada una implementación de libc que no usa mmap, o si el sistema operativo no soporta mmap mientras es usada libc, entonces esto podría resultar en una escritura excesiva de la pila.

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution.

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a buffer overflow vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-05-27 CVE Reserved
  • 2022-07-19 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-190: Integer Overflow or Wraparound
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gstreamer Project
Search vendor "Gstreamer Project"
 Gstreamer
Search vendor "Gstreamer Project" for product "Gstreamer"
 < 1.20.3
Search vendor "Gstreamer Project" for product "Gstreamer" and version " < 1.20.3"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected