Product:

Gstreamer

(Gstreamer_project)
Repositories https://github.com/GStreamer/gst-plugins-ugly
#Vulnerabilities 29
Date Id Summary Products Score Patch Annotated
2022-07-19 CVE-2022-1923 DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use... Debian_linux, Gstreamer 7.8
2022-07-19 CVE-2022-1924 DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use... Debian_linux, Gstreamer 7.8
2022-07-19 CVE-2022-1925 DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. Debian_linux, Gstreamer 7.8
2009-03-14 CVE-2009-0586 Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow. Ubuntu_linux, Gstreamer N/A
2022-07-19 CVE-2022-1921 Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. Debian_linux, Gstreamer 7.8
2021-04-19 CVE-2021-3498 GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. Debian_linux, Gstreamer, Enterprise_linux 7.8
2022-07-19 CVE-2022-1920 Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. Debian_linux, Gstreamer 7.8
2022-07-19 CVE-2022-2122 DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. Debian_linux, Gstreamer 7.8
2021-04-19 CVE-2021-3497 GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. Debian_linux, Gstreamer, Enterprise_linux 7.8
2021-06-02 CVE-2021-3522 GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. Gstreamer, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Openjdk 5.5