OpenCVE

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Gstreamer Project	Gstreamer
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
gstreamer1-plugins-good-0:1.18.4-6.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2260	2023-05-09T00:00:00Z

References

Link	Providers
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
https://gstreamer.freedesktop.org/security/sa-2022-0004.html
https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2022-1920
https://www.cve.org/CVERecord?id=CVE-2022-1920
https://www.debian.org/security/2022/dsa-5204

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-07-19T19:08:30

Updated: 2024-08-03T00:17:00.985Z

Reserved: 2022-05-27T00:00:00

Link: CVE-2022-1920

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-19T20:15:10.767

Modified: 2022-10-07T13:58:43.543

Link: CVE-2022-1920

Redhat

Severity : Moderate

Publid Date: 2022-05-18T00:00:00Z

Links: CVE-2022-1920 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "GStreamer", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.20.3"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T02:07:53", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5204"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1920", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GStreamer", "version": {"version_data": [{"version_value": "1.20.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5204"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:17:00.985Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5204"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1920", "datePublished": "2022-07-19T19:08:30", "dateReserved": "2022-05-27T00:00:00", "dateUpdated": "2024-08-03T00:17:00.985Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F0B9BDB-EABD-4940-A930-E032D1C9C99F", "versionEndExcluding": "1.20.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite."}, {"lang": "es", "value": "Desbordamiento de enteros en el elemento matroskademux en la funci\u00f3n gst_matroska_demux_add_wvpk_header que permite una sobreescritura en el mont\u00f3n mientras se analizan los archivos matroska. Potencial para la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de la sobreescritura de la pila."}], "id": "CVE-2022-1920", "lastModified": "2022-10-07T13:58:43.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-19T20:15:10.767", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5204"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2260", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gstreamer1-plugins-good-0:1.18.4-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()", "id": "2130935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130935"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.", "A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska file. This vulnerability can result in application crash, memory corruption, and code execution."], "name": "CVE-2022-1920", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gstreamer-plugins-good", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gstreamer-plugins-good", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libreoffice:flatpak/gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1920\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1920\nhttps://gstreamer.freedesktop.org/security/sa-2022-0004.html"], "threat_severity": "Moderate", "upstream_fix": "gstreamer-plugins-good 1.20.3"}