Gstreamer
CVE-2022-1922
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
AnalysisAI
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory corruption when processing specially crafted MKV files with zlib-compressed data. The vulnerability affects GStreamer versions prior to the patched releases and requires local access with user interaction to exploit. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation likelihood at 0.06%.
Technical ContextAI
The vulnerability resides in the gst_matroska_decompress_data function within GStreamer's matroskademux element, which handles MKV (Matroska) multimedia container format files. According to the CPE data, this affects the GStreamer multimedia framework (cpe:2.3:a:gstreamer:gstreamer) as well as Debian Linux distributions 10.0 and 11.0. The root cause is an integer overflow (CWE-122: Heap-based Buffer Overflow) that occurs during zlib decompression operations. The impact varies based on the underlying libc implementation and operating system memory management capabilities - systems using mmap for large memory allocations will experience a segmentation fault, while systems without mmap support may suffer heap memory corruption.
RemediationAI
Apply the security updates provided by your distribution or upgrade GStreamer to a patched version. Debian users should install the updates referenced in DSA-5204 for Debian 11 or the LTS announcement for Debian 10. The upstream fix is tracked in GitLab issue 1225 at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225. As a temporary mitigation, avoid processing MKV files from untrusted sources, particularly those using zlib compression. Consider implementing file validation or sandboxing for applications that must process untrusted multimedia content.
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write an
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to
An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service o
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denia
An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when par
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation fault
An out-of-bounds write vulnerability exists in GStreamer's SSA subtitle parser (gstssaparse.c) that occurs when malforme
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today