CVE-2022-2122

gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.

DOS / potencial escritura excesiva de la pila en qtdemux usando descompresión zlib. Desbordamiento de enteros en un elemento de qtdemux en la función qtdemux_inflate que causa un segfault, o podría causar una escritura excesiva de la pila, dependiendo de la libc y el SO. Dependiendo de la libc usada, y de las capacidades del SO subyacente, podría ser sólo un segfault o una escritura excesiva de la pila.

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution.

An update that fixes 7 vulnerabilities is now available. This update for gstreamer-plugins-good fixes the following issues. Fixed integer overflow in WavPack header handling code. Fixed integer overflow resulting in heap corruption in avidemux element. Fixed integer overflows in mkv demuxing. Fixed integer overflows in mkv demuxing using bzip. Fixed integer overflows in mkv demuxing using lzo. Fixed integer overflows in mkv demuxing using HEADERSTRIP. Fixed integer overflows in qtdemux using zlib.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-17 CVE Reserved
2022-07-19 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2025-05-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-122: Heap-based Buffer Overflow
CWE-190: Integer Overflow or Wraparound
CWE-787: Out-of-bounds Write

CAPEC

References (5)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html	Mailing List

URL	Date	SRC
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.debian.org/security/2022/dsa-5204	2022-10-07
https://access.redhat.com/security/cve/CVE-2022-2122	2023-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=2131018	2023-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gstreamer Project Search vendor "Gstreamer Project"		Gstreamer Search vendor "Gstreamer Project" for product "Gstreamer"				< 1.20.3 Search vendor "Gstreamer Project" for product "Gstreamer" and version " < 1.20.3"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected