Denial of Service and Potential Heap Overwrite in GStreamer Plugin by Red Hat
CVE-2022-2122

7.8 HIGH

Key Information:

CVE Published: 19 July 2022

What is CVE-2022-2122?

The qtdemux element of the GStreamer plugin is vulnerable to a Denial of Service caused by an integer overflow in the qtdemux_inflate function. The overflow can lead to a segmentation fault or, depending on the libc and operating system used, it might result in a heap overwrite. Applications that use GStreamer are therefore at serious risk: an attacker could potentially corrupt the process's memory, leading to unauthorized access or disruption.

Affected Version(s)

GStreamer 1.20.3

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
