CVE-2022-1924
Description
Integer overflow in GStreamer's matroskademux LZO decompression can cause denial of service or potential heap overwrite.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in GStreamer's matroskademux LZO decompression can cause denial of service or potential heap overwrite.
Vulnerability
An integer overflow vulnerability exists in the LZO decompression function of the matroskademux element in GStreamer. When processing a crafted Matroska file with LZO-compressed data, the integer overflow can lead to a segmentation fault or, depending on the libc implementation and OS memory management, a heap overwrite. The issue affects GStreamer versions prior to the fix. [1]
Exploitation
An attacker can exploit this vulnerability by providing a malicious Matroska file containing specially crafted LZO-compressed data. No authentication or special network position is required; the victim must only open the file with a GStreamer-based application that uses the matroskademux element. The integer overflow occurs during memory reallocation, and the outcome depends on whether the libc uses mmap for large allocations. If mmap is used, the overflow results in a segfault; otherwise, it may cause a heap overwrite. [1]
Impact
Successful exploitation can lead to a denial of service via segmentation fault. In environments where the libc does not use mmap for large chunks, the heap overwrite could potentially be leveraged for arbitrary code execution, though the CVE description only confirms the possibility of a heap overwrite. The impact is limited to the context of the GStreamer process. [1]
Mitigation
The issue was reported in the GStreamer issue tracker and fixed in subsequent releases. Users should update to GStreamer 1.20.3 or later, or apply the patch referenced in the advisory. No workaround is available other than avoiding untrusted Matroska files until the update is applied. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
27- matroskademux/matroskademuxdescription
- osv-coords26 versionspkg:rpm/almalinux/gstreamer1-plugins-goodpkg:rpm/almalinux/gstreamer1-plugins-good-gtkpkg:rpm/opensuse/gstreamer-plugins-good&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/gstreamer-plugins-good&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/gstreamer-0_10-plugins-good&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.18.4-6.el9+ 25 more
- (no CPE)range: < 1.18.4-6.el9
- (no CPE)range: < 1.18.4-6.el9
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 0.10.31-17.7.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.20.1-150400.3.3.1
- (no CPE)range: < 1.8.3-16.6.2
- (no CPE)range: < 1.8.3-16.6.2
- (no CPE)range: < 1.8.3-16.6.2
- (no CPE)range: < 1.8.3-16.6.2
- (no CPE)range: < 1.12.5-150000.3.7.2
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.8.3-16.6.2
- (no CPE)range: < 1.8.3-16.6.2
- (no CPE)range: < 1.12.5-150000.3.7.2
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.16.3-150200.3.9.1
- (no CPE)range: < 1.8.3-16.6.2
- (no CPE)range: < 1.8.3-16.6.2
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- www.debian.org/security/2022/dsa-5204mitrevendor-advisoryx_refsource_DEBIAN
- gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2022/08/msg00001.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.