OpenCVE

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Gstreamer Project	Gstreamer
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
gstreamer1-plugins-good-0:1.18.4-6.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2260	2023-05-09T00:00:00Z

References

Link	Providers
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
https://gstreamer.freedesktop.org/security/sa-2022-0002.html
https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2022-1925
https://www.cve.org/CVERecord?id=CVE-2022-1925
https://www.debian.org/security/2022/dsa-5204

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-07-19T19:10:49

Updated: 2024-08-03T00:17:00.947Z

Reserved: 2022-05-27T00:00:00

Link: CVE-2022-1925

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-19T20:15:11.080

Modified: 2023-06-27T15:50:42.127

Link: CVE-2022-1925

Redhat

Severity : Moderate

Publid Date: 2022-05-18T00:00:00Z

Links: CVE-2022-1925 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "GStreamer", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.20.3"}]}], "descriptions": [{"lang": "en", "value": "DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T02:07:39", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5204"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1925", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GStreamer", "version": {"version_data": [{"version_value": "1.20.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5204"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:17:00.947Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5204"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1925", "datePublished": "2022-07-19T19:10:49", "dateReserved": "2022-05-27T00:00:00", "dateUpdated": "2024-08-03T00:17:00.947Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F0B9BDB-EABD-4940-A930-E032D1C9C99F", "versionEndExcluding": "1.20.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks."}, {"lang": "es", "value": "DOS / potencial escritura excesiva de la pila en la demuxaci\u00f3n de mkv usando la descompresi\u00f3n HEADERSTRIP. Desbordamiento de enteros en el elemento matroskaparse en la funci\u00f3n gst_matroska_decompress_data que causa un desbordamiento del mont\u00f3n. Debido a las restricciones en el tama\u00f1o de los trozos en el elemento matroskademux, el desbordamiento no puede ser provocado, sin embargo el elemento matroskaparse no presenta comprobaciones de tama\u00f1o."}], "id": "CVE-2022-1925", "lastModified": "2023-06-27T15:50:42.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-19T20:15:11.080", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5204"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2260", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gstreamer1-plugins-good-0:1.18.4-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression", "id": "2131007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131007"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.", "A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using HEADERSTRIP decompression. This vulnerability can result in application crash, memory corruption, and code execution."], "name": "CVE-2022-1925", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gstreamer-plugins-good", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gstreamer-plugins-good", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libreoffice:flatpak/gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1925\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1925\nhttps://gstreamer.freedesktop.org/security/sa-2022-0002.html"], "threat_severity": "Moderate", "upstream_fix": "gstreamer-plugins-good 1.20.3"}