CVE-2022-1925

Published: 7/19/2022 Last updated: 8/3/2024 Reserved: 5/27/2022

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-gstreamer gstreamer

Products affected (1)

Product	Vendor	Version
GStreamer	n/a	<= 5.17.*

References (6)

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html
https://www.debian.org/security/2022/dsa-5204
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html
https://www.debian.org/security/2022/dsa-5204