rpm package
opensuse/gstreamer-plugins-good&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/gstreamer-plugins-good&distro=openSUSE%20Leap%2015.3
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1924 | — | < 1.16.3-150200.3.9.1 | 1.16.3-150200.3.9.1 | Jul 19, 2022 | DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS ca | ||
| CVE-2022-1923 | — | < 1.16.3-150200.3.9.1 | 1.16.3-150200.3.9.1 | Jul 19, 2022 | DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS | ||
| CVE-2022-2122 | — | < 1.16.3-150200.3.9.1 | 1.16.3-150200.3.9.1 | Jul 19, 2022 | DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, | ||
| CVE-2022-1925 | — | < 1.16.3-150200.3.9.1 | 1.16.3-150200.3.9.1 | Jul 19, 2022 | DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be | ||
| CVE-2022-1922 | — | < 1.16.3-150200.3.9.1 | 1.16.3-150200.3.9.1 | Jul 19, 2022 | DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the unde | ||
| CVE-2022-1920 | — | < 1.16.3-150200.3.9.1 | 1.16.3-150200.3.9.1 | Jul 19, 2022 | Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. | ||
| CVE-2022-1921 | — | < 1.16.3-150200.3.9.1 | 1.16.3-150200.3.9.1 | Jul 19, 2022 | Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | ||
| CVE-2021-3498 | — | < 1.16.3-3.6.1 | 1.16.3-3.6.1 | Apr 19, 2021 | GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | ||
| CVE-2021-3497 | — | < 1.16.3-3.6.1 | 1.16.3-3.6.1 | Apr 19, 2021 | GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | ||
| CVE-2021-3185 | — | < 1.16.3-3.3.1 | 1.16.3-3.3.1 | Jan 25, 2021 | A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. |
- CVE-2022-1924Jul 19, 2022affected < 1.16.3-150200.3.9.1fixed 1.16.3-150200.3.9.1
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS ca
- CVE-2022-1923Jul 19, 2022affected < 1.16.3-150200.3.9.1fixed 1.16.3-150200.3.9.1
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS
- CVE-2022-2122Jul 19, 2022affected < 1.16.3-150200.3.9.1fixed 1.16.3-150200.3.9.1
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities,
- CVE-2022-1925Jul 19, 2022affected < 1.16.3-150200.3.9.1fixed 1.16.3-150200.3.9.1
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be
- CVE-2022-1922Jul 19, 2022affected < 1.16.3-150200.3.9.1fixed 1.16.3-150200.3.9.1
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the unde
- CVE-2022-1920Jul 19, 2022affected < 1.16.3-150200.3.9.1fixed 1.16.3-150200.3.9.1
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
- CVE-2022-1921Jul 19, 2022affected < 1.16.3-150200.3.9.1fixed 1.16.3-150200.3.9.1
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
- CVE-2021-3498Apr 19, 2021affected < 1.16.3-3.6.1fixed 1.16.3-3.6.1
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
- CVE-2021-3497Apr 19, 2021affected < 1.16.3-3.6.1fixed 1.16.3-3.6.1
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
- CVE-2021-3185Jan 25, 2021affected < 1.16.3-3.3.1fixed 1.16.3-3.3.1
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.