7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
28.5%
DOS / potential heap overwrite in mkv demuxing using lzo decompression.
Integer overflow in matroskademux element in lzo decompression function
which causes a segfault, or could cause a heap overwrite, depending on libc
and OS. Depending on the libc used, and the underlying OS capabilities, it
could be just a segfault or a heap overwrite. If the libc uses mmap for
large chunks, and the OS supports mmap, then it is just a segfault (because
the realloc before the integer overflow will use mremap to reduce the size
of the chunk, and it will start to write to unmapped memory). However, if
using a libc implementation that does not use mmap, or if the OS does not
support mmap while using libc, then this could result in a heap overwrite.
Author | Note |
---|---|
leosilva | same fix as CVE-2022-1922 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gst-plugins-good1.0 | < 1.14.5-0ubuntu1~18.04.3 | UNKNOWN |
ubuntu | 20.04 | noarch | gst-plugins-good1.0 | < 1.16.3-0ubuntu1.1 | UNKNOWN |
ubuntu | 22.04 | noarch | gst-plugins-good1.0 | < 1.20.3-0ubuntu1 | UNKNOWN |
ubuntu | 16.04 | noarch | gst-plugins-good1.0 | < 1.8.3-1ubuntu0.5+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
28.5%