CVE-2022-1925

HIGH
2022-07-19 [email protected]
7.8
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
PoC Detected: Mar 17, 2026 - 15:52 (vuln.today), public exploit code
CVE Published: Jul 19, 2022 - 20:15 (nvd), HIGH 7.8

Description

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

Analysis

A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska_decompress_data function when processing MKV files with HEADERSTRIP decompression. The matroskaparse element lacks proper size checks, which makes it vulnerable, while the more commonly used matroskademux element has restrictions that prevent exploitation. A proof-of-concept exploit is publicly available, though the EPSS score indicates a relatively low (4%) probability of real-world exploitation.

Technical Context

GStreamer is a multimedia framework used for creating streaming media applications, with the affected versions identified through CPE as all versions prior to the fix (cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*). The vulnerability stems from a classic heap-based buffer overflow (CWE-122) where integer overflow during decompression calculations leads to undersized buffer allocation. The matroskaparse element processes Matroska/MKV container files and specifically fails to validate chunk sizes during HEADERSTRIP decompression, while the matroskademux element (used for actual playback) includes protective size restrictions.
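
The size calculation described above, as an added C example that is not GStreamer's source and not part of the original entry. It assumes 32-bit sizes and that HEADERSTRIP decoding re-prepends a stored header to each chunk; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not GStreamer code. Assumptions: sizes are 32-bit
 * and HEADERSTRIP decoding rebuilds each chunk as header || payload.
 * All names here are hypothetical. */

/* What an unchecked 32-bit sum yields: it wraps modulo 2^32, so a buffer
 * sized from it can be far smaller than the bytes about to be copied. */
static uint32_t unchecked_total(uint32_t hdr_len, uint32_t chunk_len)
{
    return hdr_len + chunk_len;
}

/* Checked size computation: 0 on success, -1 if the sum does not fit. */
static int checked_total(uint32_t hdr_len, uint32_t chunk_len, uint32_t *out)
{
    if (chunk_len > UINT32_MAX - hdr_len)
        return -1;
    *out = hdr_len + chunk_len;
    return 0;
}

/* Rebuild a chunk as header || payload. Returns a malloc'd buffer, or
 * NULL when the combined size overflows or the allocation fails. */
static uint8_t *headerstrip_restore(const uint8_t *hdr, uint32_t hdr_len,
                                    const uint8_t *chunk, uint32_t chunk_len,
                                    uint32_t *out_len)
{
    uint32_t total;
    uint8_t *buf;

    if (checked_total(hdr_len, chunk_len, &total) != 0)
        return NULL;               /* reject before allocating or copying */
    buf = malloc(total ? total : 1);
    if (buf == NULL)
        return NULL;
    if (hdr_len)
        memcpy(buf, hdr, hdr_len);
    if (chunk_len)
        memcpy(buf + hdr_len, chunk, chunk_len);
    *out_len = total;
    return buf;
}
```

The check runs before any allocation, so a declared chunk length that cannot be added to the header length is rejected without touching the heap.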

Affected Products

GStreamer multimedia framework versions prior to the patched release are affected, as identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability also impacts Debian Linux 10.0 (Buster) and 11.0 (Bullseye) distributions that include the vulnerable GStreamer versions. Debian has released security update DSA-5204 for stable releases and addressed the issue through debian-lts-announce for older supported versions. The upstream fix is tracked in GitLab issue 1225 at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225.

Remediation

Apply the security updates provided by your distribution immediately. Debian users should install the DSA-5204 updates, while users of other distributions should check for GStreamer updates that address CVE-2022-1925. For systems that cannot be immediately patched, consider restricting access to untrusted MKV files and disabling matroskaparse element usage where possible. Monitor the upstream GitLab issue at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 for additional patches and verify updates are applied through your package manager.

Priority Score

59
KEV: 0
EPSS: +0.0
CVSS: +39
POC: +20
