CVE-2022-1925

gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

DOS / potencial escritura excesiva de la pila en la demuxación de mkv usando la descompresión HEADERSTRIP. Desbordamiento de enteros en el elemento matroskaparse en la función gst_matroska_decompress_data que causa un desbordamiento del montón. Debido a las restricciones en el tamaño de los trozos en el elemento matroskademux, el desbordamiento no puede ser provocado, sin embargo el elemento matroskaparse no presenta comprobaciones de tamaño.

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using HEADERSTRIP decompression. This vulnerability can result in application crash, memory corruption, and code execution.

An update that fixes 7 vulnerabilities is now available. This update for gstreamer-plugins-good fixes the following issues. Fixed integer overflow in WavPack header handling code. Fixed integer overflow resulting in heap corruption in avidemux element. Fixed integer overflows in mkv demuxing. Fixed integer overflows in mkv demuxing using bzip. Fixed integer overflows in mkv demuxing using lzo. Fixed integer overflows in mkv demuxing using HEADERSTRIP. Fixed integer overflows in qtdemux using zlib.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-27 CVE Reserved
2022-07-19 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2025-05-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-122: Heap-based Buffer Overflow
CWE-190: Integer Overflow or Wraparound

CAPEC

References (5)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html	Mailing List

URL	Date	SRC
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.debian.org/security/2022/dsa-5204	2023-06-27
https://access.redhat.com/security/cve/CVE-2022-1925	2023-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=2131007	2023-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gstreamer Project Search vendor "Gstreamer Project"		Gstreamer Search vendor "Gstreamer Project" for product "Gstreamer"				< 1.20.3 Search vendor "Gstreamer Project" for product "Gstreamer" and version " < 1.20.3"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected