CVE-2022-1922
Severity: HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
DoS / potential heap overwrite in MKV demuxing using zlib decompression. An integer overflow in the matroskademux element, in the gst_matroska_decompress_data function, causes a segfault or could cause a heap overwrite, depending on the libc implementation and the underlying OS capabilities. If the libc uses mmap for large chunks and the OS supports mmap, the result is just a segfault, because the realloc before the integer overflow will use mremap to reduce the size of the chunk and the code will then start writing to unmapped memory. However, with a libc implementation that does not use mmap, or an OS that does not support mmap while using libc, this could result in a heap overwrite.
Analysis
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory corruption when processing specially crafted MKV files with zlib-compressed data. The vulnerability affects GStreamer versions prior to the patched releases and requires local access with user interaction to exploit. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation likelihood at 0.06%.
Technical Context
The vulnerability resides in the gst_matroska_decompress_data function within GStreamer's matroskademux element, which handles MKV (Matroska) multimedia container files. According to the CPE data, this affects the GStreamer multimedia framework (cpe:2.3:a:gstreamer:gstreamer) as well as Debian Linux 10.0 and 11.0. The root cause is an integer overflow during zlib decompression that leads to a heap-based buffer overflow (classified as CWE-122). The impact varies with the libc implementation and the operating system's memory management: systems where libc uses mmap for large allocations will experience a segmentation fault, while systems without mmap support may suffer heap memory corruption.
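As an added illustration of the bug class described above (not GStreamer's code, and not the actual gst_matroska_decompress_data logic), the following shows the unchecked size arithmetic that can wrap before a realloc(), beside a checked form that refuses the wrap and bounds total output. The struct, function names and the 4 KiB step are assumptions for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable output buffer for a decompression loop; names and
 * layout are assumptions for this illustration, not GStreamer's code. */
typedef struct {
    uint8_t *data;
    size_t used;  /* decompressed bytes written so far */
    size_t cap;   /* bytes currently allocated */
} outbuf_t;

/* The unchecked arithmetic of the bug class: the sum silently wraps, so a
 * later realloc() shrinks the chunk while writes still assume the old extent. */
size_t unchecked_new_size(size_t cap, size_t step) { return cap + step; }

/* Hardened form: detect the wrap before it reaches realloc(). Returns 0 and
 * stores the sum on success, -1 when cap + step would exceed SIZE_MAX. */
int checked_new_size(size_t cap, size_t step, size_t *out) {
    if (step > SIZE_MAX - cap)
        return -1;
    *out = cap + step;
    return 0;
}

/* Grow by one decompression step using the checked size. max_total also caps
 * how much a crafted stream may demand, even when no wrap occurs. */
int outbuf_grow(outbuf_t *b, size_t step, size_t max_total) {
    size_t new_cap;
    if (checked_new_size(b->cap, step, &new_cap) != 0 || new_cap > max_total)
        return -1;
    uint8_t *p = realloc(b->data, new_cap);
    if (p == NULL)
        return -1;
    b->data = p;
    b->cap = new_cap;
    return 0;
}

/* Append decompressed output, growing in 4 KiB steps; never writes past cap. */
int outbuf_append(outbuf_t *b, const uint8_t *src, size_t len, size_t max_total) {
    size_t need;
    if (checked_new_size(b->used, len, &need) != 0)
        return -1;
    while (b->cap < need)
        if (outbuf_grow(b, 4096, max_total) != 0)
            return -1;
    memcpy(b->data + b->used, src, len);
    b->used = need;
    return 0;
}
```

The unchecked helper is kept only to show the wrapped value a reviewer should look for; production code should use the checked path with a caller-supplied output limit.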
Affected Products
GStreamer multimedia framework versions prior to the patched releases are vulnerable, as indicated by the CPE entry cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability also affects the Debian Linux 10.0 (Buster) and 11.0 (Bullseye) distributions, which ship the vulnerable GStreamer packages. Debian has issued security advisory DSA-5204 for the stable release and a separate announcement for the long-term support release, available at https://www.debian.org/security/2022/dsa-5204 and https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html respectively.
Remediation
Apply the security updates provided by your distribution or upgrade GStreamer to a patched version. Debian users should install the updates referenced in DSA-5204 for Debian 11 or the LTS announcement for Debian 10. The upstream fix is tracked in GitLab issue 1225 at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225. As a temporary mitigation, avoid processing MKV files from untrusted sources, particularly those using zlib compression. Consider implementing file validation or sandboxing for applications that must process untrusted multimedia content.