Описание
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2022:3908-1
- E-Mail link for SUSE-SU-2022:3908-1
- SUSE Security Ratings
- SUSE Bug 1201688
- SUSE Bug 1201693
- SUSE Bug 1201702
- SUSE Bug 1201704
- SUSE Bug 1201706
- SUSE Bug 1201707
- SUSE Bug 1201708
- SUSE CVE CVE-2022-1920 page
- SUSE CVE CVE-2022-1921 page
- SUSE CVE CVE-2022-1922 page
- SUSE CVE CVE-2022-1923 page
- SUSE CVE CVE-2022-1924 page
- SUSE CVE CVE-2022-1925 page
- SUSE CVE CVE-2022-2122 page
Описание
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
Затронутые продукты
Ссылки
- CVE-2022-1920
- SUSE Bug 1201688
Описание
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
Затронутые продукты
Ссылки
- CVE-2022-1921
- SUSE Bug 1201693
Описание
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
Затронутые продукты
Ссылки
- CVE-2022-1922
- SUSE Bug 1201702
Описание
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
Затронутые продукты
Ссылки
- CVE-2022-1923
- SUSE Bug 1201704
Описание
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
Затронутые продукты
Ссылки
- CVE-2022-1924
- SUSE Bug 1201706
Описание
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.
Затронутые продукты
Ссылки
- CVE-2022-1925
- SUSE Bug 1201707
Описание
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
Затронутые продукты
Ссылки
- CVE-2022-2122
- SUSE Bug 1201708