Fluid Attacks Database

Description

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gst-plugins-good1.0	>=0 <1.20.3-1	1.20.3-1
debian 13	gst-plugins-good1.0	>=0 <1.20.3-1	1.20.3-1
debian 11	gst-plugins-good1.0	=1.18.4-2 \|\| >=0 <1.18.4-2+deb11u1	1.18.4-2+deb11u1
debian 14	gst-plugins-good1.0	>=0 <1.20.3-1	1.20.3-1
rpm rhel6	gstreamer-plugins-good	-	-
rpm rhel7	gstreamer-plugins-good	-	-
rpm rhel7	gstreamer1-plugins-good	-	-
rpm rhel9	gstreamer1-plugins-good	<0:1.18.4-6.el9	0:1.18.4-6.el9
rpm rhel8	gstreamer1-plugins-good	-	-

Aliases

1. CVE-2022-19252. NVD-2022-19253. OSV-DEBIAN-2022-19254. OSV-2022-19255. SECURITY-TRACKER-CVE-2022-1925

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.