Debian Linux CVE-2022-1923

Severity: HIGH (CVSS 3.1 base score 7.8)
Weakness: Heap-based Buffer Overflow (CWE-122)
Date and source: 2022-07-19, secalert@redhat.com
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
PoC Detected: Mar 17, 2026 - 15:52 (vuln.today), public exploit code
CVE Published: Jul 19, 2022 - 20:15 (nvd), HIGH 7.8

Description (NVD)

DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.

Analysis (AI)

An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation faults or potentially allow heap memory corruption when processing malformed MKV files with bzip compression. The vulnerability affects GStreamer versions prior to patches released in 2022, with proof-of-concept exploits publicly available and an EPSS score of 0.04% indicating low but non-zero exploitation probability. While not currently in CISA's KEV catalog, the vulnerability requires only local access with user interaction to exploit, achieving high impact across confidentiality, integrity, and availability.

Technical Context (AI)

The vulnerability exists in the matroskademux element of GStreamer, a popular multimedia framework, specifically in the bzip decompression function used when parsing MKV (Matroska) container files. According to the CPE data, all versions of GStreamer (cpe:2.3:a:gstreamer:gstreamer:*) are affected, along with Debian Linux 10.0 and 11.0. The root cause is CWE-122 (Heap-based Buffer Overflow), where an integer overflow during memory reallocation can lead to writing beyond allocated heap boundaries. The security impact varies based on the libc implementation and operating system memory management capabilities - systems using mmap for large allocations will experience only denial of service, while others may suffer heap corruption.
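
The wrap-then-shrink condition described above, as an added illustration that is not GStreamer's code and not part of the original page. It assumes a 32-bit size counter grown in 4096-byte steps and a 64 MiB output cap (GROW_STEP, MAX_OUTPUT and all function names are hypothetical), and contrasts unchecked growth with a checked version that rejects the stream before the counter can wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GROW_STEP  4096u                   /* assumed growth step per loop pass */
#define MAX_OUTPUT (64u * 1024u * 1024u)   /* assumed policy cap on output size */

typedef enum { GROW_OK, GROW_REJECTED, GROW_WRAPPED } grow_result;

/* Unchecked: a 32-bit size counter silently wraps modulo 2^32. */
uint32_t grow_unchecked(uint32_t cur) { return (uint32_t)(cur + GROW_STEP); }

/* Checked: refuse to grow past cap, so the counter can never wrap. */
bool grow_checked(uint32_t cur, uint32_t cap, uint32_t *out)
{
    if (cur > cap || cap - cur < GROW_STEP)
        return false;
    *out = cur + GROW_STEP;
    return true;
}

/* Replay `passes` iterations of a grow-then-realloc loop without allocating.
 * Before each pass the buffer is full, so `written` equals the current size. */
grow_result simulate(uint32_t start_size, uint64_t passes, bool checked, uint32_t cap)
{
    uint32_t size = start_size;
    for (uint64_t i = 0; i < passes; i++) {
        uint64_t written = size;            /* bytes already in the buffer */
        if (!checked)
            size = grow_unchecked(size);
        else if (!grow_checked(size, cap, &size))
            return GROW_REJECTED;           /* stop decoding, report an error */
        if (size <= written)
            return GROW_WRAPPED;            /* realloc(size) would shrink the
                                               buffer below the write offset */
    }
    return GROW_OK;
}

int main(void)
{
    /* Constructed inputs: 4096 * 2^20 == 2^32, so pass 1048575 wraps. */
    printf("unchecked: %d\n", simulate(GROW_STEP, 1048575u, false, MAX_OUTPUT));
    printf("checked:   %d\n", simulate(GROW_STEP, 1048575u, true, MAX_OUTPUT));
    return 0;
}
```

GROW_WRAPPED marks the pass on which the new size is smaller than the bytes already written, which is the state the description says ends in either a segfault or a heap overwrite depending on how the libc services the shrinking realloc.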

Remediation (AI)

Apply the security updates provided by your distribution immediately - Debian users should install the patches referenced in DSA-5204 (https://www.debian.org/security/2022/dsa-5204) and the LTS announcement (https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html). For systems that cannot be immediately patched, consider implementing application-level controls to prevent processing of untrusted MKV files or disable bzip decompression support in GStreamer if not required. Monitor the upstream GStreamer issue tracker at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 for additional updates and verify successful patching by testing with the proof-of-concept if available in a controlled environment.
