| Summary: | <media-libs/gst-plugins-good-1.20.3: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | CC: | gstreamer |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://gstreamer.freedesktop.org/security/sa-2022-0002.html | | |
| Whiteboard: | B2 [glsa?] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 855980, 867784 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2022-07-19 23:29:20 UTC
Two more.

CVE-2022-1920 (https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226):

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.

Advisory: https://gstreamer.freedesktop.org/security/sa-2022-0004.html
Issue: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
Patch: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d

CVE-2022-1921 (https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224):

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.

Advisory: https://gstreamer.freedesktop.org/security/sa-2022-0001.html
Issue: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
Patch: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0

commit 5ad596faf1741d32a5bd30ffdeba25b5e402bbca
Author: Mart Raudsepp <leio@gentoo.org>
Date: Sun Nov 20 18:31:15 2022 +0000

    media-libs/gst-plugins-good: drop 1.20.2