PT-2022-5193 · Gstreamer+8 · Gstreamer+8

Adam Doupe

Published

2022-05-18

Updated

2024-09-10

CVE-2022-1920

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gstreamer (affected versions not specified)

Description The issue is caused by an integer overflow in the gst matroska demux add wvpk header function of the Gstreamer multimedia framework, which can lead to a heap overwrite when parsing matroska files. This may allow an attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Integer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-190CWE-122

Related Identifiers

ALSA-2023:2260

ALT-PU-2022-2059

ALT-PU-2022-2898

BDU:2022-06450

CVE-2022-1920

DLA-3069-1

DSA-5204-1

MGASA-2022-0322

MGASA-2023-0354

OESA-2022-1736

OPENSUSE-SU-2022_2957-1

OPENSUSE-SU-2022_3908-1

OPENSUSE-SU-2024:12709-1

RHSA-2023:2260

RHSA-2023_2260

ROSA-SA-2024-2462

SUSE-SU-2022:2911-1

SUSE-SU-2022:2957-1

SUSE-SU-2022:3906-1

SUSE-SU-2022:3908-1

SUSE-SU-2022_2911-1

SUSE-SU-2022_2957-1

SUSE-SU-2022_3908-1

SUSE-SU-2023:3688-1

USN-5555-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Gstreamer

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

PT-2022-5193 · Gstreamer+8 · Gstreamer+8

CVE-2022-1920

Weakness Enumeration

Related Identifiers

Affected Products

References · 95