Integer Overflow Vulnerability in GStreamer Avidemux Element
CVE-2022-1921

7.8HIGH

Key Information:

Vendor: Gstreamer Project
Status: Gstreamer
Vendor: CVE Published:; 19 July 2022

🔔 Create Gstreamer Project Vulnerability Alert

What is CVE-2022-1921?

The GStreamer framework contains an integer overflow issue within the avidemux element, specifically in the gst_avi_demux_invert function. This vulnerability arises when parsing AVI files, leading to a potential heap overwrite. Exploiting this flaw could allow attackers to execute arbitrary code on affected systems, posing a significant risk to data integrity and system security.

Affected Version(s)

GStreamer 1.20.3

References

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issu...

https://lists.debian.org/debian-lts-announce/2022/08/msg0...

mailing-list

https://www.debian.org/security/2022/dsa-5204

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
May 27, 2022