What is CVE-2022-1920?

CVE-2022-1920 is an integer overflow vulnerability in the matroskademux element in the gst_matroska_demux_add_wvpk_header function of Gstreamer, which allows a heap overwrite while parsing matroska files and has the potential for arbitrary code execution.

How does CVE-2022-1920 affect Gstreamer?

CVE-2022-1920 affects Gstreamer versions up to and including 1.20.3.

How does CVE-2022-1920 affect Debian Linux?

CVE-2022-1920 affects Debian Linux versions 10.0 and 11.0.

What is the severity of CVE-2022-1920?

CVE-2022-1920 has a severity rating of 7.8, indicating a high severity.

How can I fix CVE-2022-1920?

To fix CVE-2022-1920, you should update to the latest version of Gstreamer (1.22.6-1) or apply the appropriate security update for your Debian Linux distribution.

Vulnerability/
CVE-2022-1920

high

7.8

CWE

190 787 122

19/7/2022

3/8/2024

CVE-2022-1920: Integer Overflow

First published: Tue Jul 19 2022(Updated: )

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Gstreamer Project Gstreamer	<1.20.3
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
debian/gst-plugins-good1.0	<=1.14.4-1+deb10u1	1.14.4-1+deb10u3 1.18.4-2+deb11u2 1.22.0-5+deb12u1 1.22.6-1

Remedy

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-1920?
CVE-2022-1920 is an integer overflow vulnerability in the matroskademux element in the gst_matroska_demux_add_wvpk_header function of Gstreamer, which allows a heap overwrite while parsing matroska files and has the potential for arbitrary code execution.
How does CVE-2022-1920 affect Gstreamer?
CVE-2022-1920 affects Gstreamer versions up to and including 1.20.3.
How does CVE-2022-1920 affect Debian Linux?
CVE-2022-1920 affects Debian Linux versions 10.0 and 11.0.
What is the severity of CVE-2022-1920?
CVE-2022-1920 has a severity rating of 7.8, indicating a high severity.
How can I fix CVE-2022-1920?
To fix CVE-2022-1920, you should update to the latest version of Gstreamer (1.22.6-1) or apply the appropriate security update for your Debian Linux distribution.

collector/nvd-index
collector/security-tracker-debian
agent/weakness
agent/severity
agent/references
agent/author
agent/type
agent/description
agent/event
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/gstreamer project
canonical/gstreamer project gstreamer
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.