What is the vulnerability ID?

The vulnerability ID is CVE-2022-1921.

What is the severity of CVE-2022-1921?

The severity of CVE-2022-1921 is high with a CVSS score of 7.8.

Which software is affected by CVE-2022-1921?

The Gstreamer project Gstreamer versions up to 1.20.3, Debian Linux 10.0, and Debian Linux 11.0 are affected by CVE-2022-1921.

How can an attacker exploit CVE-2022-1921?

An attacker can exploit CVE-2022-1921 by parsing malicious avi files, leading to a heap overwrite and potentially arbitrary code execution.

How can I mitigate CVE-2022-1921?

To mitigate CVE-2022-1921, update the affected software to the specified versions: Gstreamer up to 1.20.3, Debian Linux 10.0, and Debian Linux 11.0.

Vulnerability/
CVE-2022-1921

high

7.8

CWE

190

19/7/2022

7/11/2022

CVE-2022-1921: Integer Overflow

First published: Tue Jul 19 2022(Updated: )

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Gstreamer Project Gstreamer	<1.20.3
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
debian/gst-plugins-good1.0	<=1.14.4-1+deb10u1	1.14.4-1+deb10u3 1.18.4-2+deb11u2 1.22.0-5+deb12u1 1.22.6-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-1921.
What is the severity of CVE-2022-1921?
The severity of CVE-2022-1921 is high with a CVSS score of 7.8.
Which software is affected by CVE-2022-1921?
The Gstreamer project Gstreamer versions up to 1.20.3, Debian Linux 10.0, and Debian Linux 11.0 are affected by CVE-2022-1921.
How can an attacker exploit CVE-2022-1921?
An attacker can exploit CVE-2022-1921 by parsing malicious avi files, leading to a heap overwrite and potentially arbitrary code execution.
How can I mitigate CVE-2022-1921?
To mitigate CVE-2022-1921, update the affected software to the specified versions: Gstreamer up to 1.20.3, Debian Linux 10.0, and Debian Linux 11.0.

collector/nvd-index
collector/security-tracker-debian
vendor/gstreamer project
canonical/gstreamer project gstreamer
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.