CVE-2022-1925 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-1925

CVE-2022-1925

July 19, 2022

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

Related Resources (5)

https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html

https://www.debian.org/security/2022/dsa-5204

https://access.redhat.com/security/cve/CVE-2022-1925

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225

https://security-tracker.debian.org/tracker/CVE-2022-1925

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Heap-based Buffer Overflow

CWE-122

EPSS

Base Score:

0.06

Products

Solutions

Resources

Company

Compare

Developer Tools