Adam Doupe

**Name of the Vulnerable Software and Affected Versions** Gstreamer (affected versions not specified) **Description** The issue is related to a potential heap overwrite in the qtdemux element using zlib decompression. This is caused by an integer overflow in the `qtdemux inflate` function, which can result in a segfault or a heap overwrite, depending on the libc used and the underlying OS capabilities. The exploitation of this issue could impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gstreamer (affected versions not specified) **Description** The issue is related to an integer overflow in the matroskademux element in the lzo decompression function, which can cause a segfault or potentially a heap overwrite, depending on the libc used and the underlying OS capabilities. This could allow an attacker to access confidential data, disrupt its integrity, and cause a denial of service using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gstreamer (affected versions not specified) **Description** The issue is caused by an integer overflow in the `gst matroska demux add wvpk header` function of the Gstreamer multimedia framework, which can lead to a heap overwrite when parsing matroska files. This may allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gstreamer (affected versions not specified) **Description** The issue is caused by an integer overflow in the `gst matroska decompress data` function of the Gstreamer multimedia framework. This can lead to a potential heap overflow, allowing an attacker to cause a denial of service. The `matroskaparse` element has no size checks, which can trigger the overflow. However, due to restrictions on chunk sizes in the `matroskademux` element, the overflow cannot be triggered in that specific case. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gstreamer (affected versions not specified) **Description** The issue is caused by an integer overflow in the `gst matroska decompress data` function of the matroskademux element, which can lead to a segfault or a potential heap overwrite, depending on the libc used and the underlying OS capabilities. This can result in an impact on the confidentiality, integrity, and availability of protected information. The exploitation of this issue may allow an attacker to compromise the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gstreamer (affected versions not specified) **Description** The issue is related to an integer overflow in the matroskademux element in the bzip decompression function, which can cause a segfault or potentially a heap overwrite, depending on the libc used and the underlying OS capabilities. This could allow an attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gstreamer (affected versions not specified) **Description** The issue is caused by an integer overflow in the `gst avi demux invert` function of the avidemux element in the Gstreamer multimedia framework. This overflow allows a heap overwrite while parsing avi files, potentially enabling arbitrary code execution through the heap overwrite. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.