OpenCVE

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Gstreamer Project	Gstreamer
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
gstreamer1-plugins-good-0:1.18.4-6.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2260	2023-05-09T00:00:00Z

References

Link	Providers
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2022-2122
https://www.cve.org/CVERecord?id=CVE-2022-2122
https://www.debian.org/security/2022/dsa-5204

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-07-19T19:10:55

Updated: 2024-08-03T00:24:44.188Z

Reserved: 2022-06-17T00:00:00

Link: CVE-2022-2122

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-19T20:15:11.140

Modified: 2022-10-07T14:05:25.093

Link: CVE-2022-2122

Redhat

Severity : Moderate

Publid Date: 2022-05-18T00:00:00Z

Links: CVE-2022-2122 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "GStreamer", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.20.3"}]}], "descriptions": [{"lang": "en", "value": "DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T02:06:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5204"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-2122", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GStreamer", "version": {"version_data": [{"version_value": "1.20.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5204"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.188Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"name": "[debian-lts-announce] 20220809 [SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"name": "DSA-5204", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5204"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2122", "datePublished": "2022-07-19T19:10:55", "dateReserved": "2022-06-17T00:00:00", "dateUpdated": "2024-08-03T00:24:44.188Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F0B9BDB-EABD-4940-A930-E032D1C9C99F", "versionEndExcluding": "1.20.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite."}, {"lang": "es", "value": "DOS / potencial escritura excesiva de la pila en qtdemux usando descompresi\u00f3n zlib. Desbordamiento de enteros en un elemento de qtdemux en la funci\u00f3n qtdemux_inflate que causa un segfault, o podr\u00eda causar una escritura excesiva de la pila, dependiendo de la libc y el SO. Dependiendo de la libc usada, y de las capacidades del SO subyacente, podr\u00eda ser s\u00f3lo un segfault o una escritura excesiva de la pila."}], "id": "CVE-2022-2122", "lastModified": "2022-10-07T14:05:25.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-19T20:15:11.140", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5204"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2260", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gstreamer1-plugins-good-0:1.18.4-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression", "id": "2131018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131018"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.", "A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution."], "name": "CVE-2022-2122", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gstreamer-plugins-good", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gstreamer-plugins-good", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libreoffice:flatpak/gstreamer1-plugins-good", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2122\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2122"], "threat_severity": "Moderate", "upstream_fix": "gstreamer-plugins-good 1.20.3"}