CVE-2022-2122
Description
Integer overflow in GStreamer's qtdemux_inflate function during zlib decompression can cause denial of service or potential heap overwrite.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An integer overflow occurs in the qtdemux_inflate function of the qtdemux element in GStreamer when decompressing zlib-compressed data. This vulnerability can be triggered by processing a crafted QuickTime file. The overflow leads to a segfault or, depending on the libc and OS, a heap overwrite [1].
Exploitation
An attacker must supply a malicious QuickTime file with specially crafted compressed data. The user must open the file using an application that relies on GStreamer's qtdemux element, such as a media player. No additional privileges are required; the attack is remote via file delivery.
Impact
Successful exploitation results in denial of service (application crash due to segfault) or, under certain conditions, a heap overwrite that could potentially lead to arbitrary code execution. The actual impact depends on the libc implementation and operating system capabilities.
Mitigation
The issue was reported and a fix is available in the GStreamer git repository [1]. Users should update to a patched version of GStreamer. No specific fixed version is mentioned in the available references; consult the GStreamer project for the latest release containing the fix.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- qtdemux/qtdemux (from description)
- osv-coords, 26 versions:
  - pkg:rpm/almalinux/gstreamer1-plugins-good (no CPE), range: < 1.18.4-6.el9
  - pkg:rpm/almalinux/gstreamer1-plugins-good-gtk (no CPE), range: < 1.18.4-6.el9
  - pkg:rpm/opensuse/gstreamer-plugins-good&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/opensuse/gstreamer-plugins-good&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-0_10-plugins-good&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 0.10.31-17.7.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Enterprise%20Storage%207 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE), range: < 1.20.1-150400.3.3.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 1.8.3-16.6.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 1.8.3-16.6.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 1.8.3-16.6.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1.8.3-16.6.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 1.12.5-150000.3.7.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 1.8.3-16.6.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1.8.3-16.6.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 1.12.5-150000.3.7.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Proxy%204.1 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Server%204.1 (no CPE), range: < 1.16.3-150200.3.9.1
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 1.8.3-16.6.2
  - pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 1.8.3-16.6.2
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.debian.org/security/2022/dsa-5204 (mitre, vendor-advisory, x_refsource_DEBIAN)
- gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2022/08/msg00001.html (mitre, mailing-list, x_refsource_MLIST)
News mentions
No linked articles in our index yet.