Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-1920

Published: 19 July 2022

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.

Priority

Medium

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package Release Status
gst-plugins-good1.0
Launchpad, Ubuntu, Debian
bionic
Released (1.14.5-0ubuntu1~18.04.3)
focal
Released (1.16.3-0ubuntu1.1)
impish Ignored
(reached end-of-life)
jammy
Released (1.20.3-0ubuntu1)
kinetic Not vulnerable

trusty Ignored
(out of standard support)
upstream
Released (1.20.3)
xenial
Released (1.8.3-1ubuntu0.5+esm1)
Patches:
upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H