CVE-2022-1922: DOS / potential heap overwrite in mkv demuxing using zlib decompression.
Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.

CVE-2022-1923: DOS / potential heap overwrite in mkv demuxing using bzip decompression.
Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.

CVE-2022-1924: DOS / potential heap overwrite in mkv demuxing using lzo decompression.
Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.

CVE-2022-1925: DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression.
Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

CVE-2022-2122: DOS / potential heap overwrite in qtdemux using zlib decompression.
Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.

Issue: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225

Patches:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966

Please bump to 1.20.3.
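The bug class reported above, shown as an added C example (not GStreamer's code and not the upstream patch): a 32-bit output-buffer size grown in fixed steps wraps to a small value, so the following realloc shrinks the buffer while the write offset keeps advancing, whereas the checked form refuses to grow. `GROW_STEP`, `MAX_OUTPUT`, `struct outbuf` and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GROW_STEP 4096u          /* assumed growth increment */
#define MAX_OUTPUT (64u << 20)   /* assumed policy cap: 64 MiB */

/* Hypothetical output buffer with a 32-bit size field. */
struct outbuf { uint8_t *data; uint32_t size; uint32_t used; };

/* Unchecked: wraps modulo 2^32, so the "grown" size can be tiny. */
uint32_t next_size_unchecked(uint32_t size) { return size + GROW_STEP; }

/* Checked: returns 0 and sets *out, or -1 if the sum wraps or passes the cap. */
int next_size_checked(uint32_t size, uint32_t *out) {
    if (size > UINT32_MAX - GROW_STEP) return -1;   /* would wrap */
    if (size + GROW_STEP > MAX_OUTPUT) return -1;   /* over the cap */
    *out = size + GROW_STEP;
    return 0;
}

/* Grow by one step; on failure the old buffer stays valid and unchanged. */
int outbuf_grow(struct outbuf *b) {
    uint32_t n;
    if (next_size_checked(b->size, &n) != 0) return -1;
    uint8_t *p = realloc(b->data, n);
    if (p == NULL) return -1;
    b->data = p;
    b->size = n;
    return 0;
}

/* Append len bytes, growing as needed; never writes past b->size. */
int outbuf_append(struct outbuf *b, const uint8_t *src, uint32_t len) {
    if (len == 0) return 0;
    while (len > b->size - b->used)
        if (outbuf_grow(b) != 0) return -1;
    memcpy(b->data + b->used, src, len);
    b->used += len;
    return 0;
}

int main(void) {
    uint32_t n = 0, big = UINT32_MAX - 100;   /* constructed size near the limit */
    printf("unchecked: %u -> %u\n", (unsigned)big, (unsigned)next_size_unchecked(big));
    printf("checked:   %s\n", next_size_checked(big, &n) ? "rejected" : "accepted");
    return 0;
}
```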
Two more.

CVE-2022-1920 (https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226):
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
Advisory: https://gstreamer.freedesktop.org/security/sa-2022-0004.html
Issue: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
Patch: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d

CVE-2022-1921 (https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224):
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
Advisory: https://gstreamer.freedesktop.org/security/sa-2022-0001.html
Issue: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
Patch: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0

commit 5ad596faf1741d32a5bd30ffdeba25b5e402bbca
Author: Mart Raudsepp <leio@gentoo.org>
Date: Sun Nov 20 18:31:15 2022 +0000

    media-libs/gst-plugins-good: drop 1.20.2

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=88c3385543c5b80795f92d56df5f5cfb8b0c16a7

commit 88c3385543c5b80795f92d56df5f5cfb8b0c16a7
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-22 07:13:16 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-22 07:13:35 +0000

    [ GLSA 202409-13 ] gst-plugins-good: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/859418
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-13.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)