{"id":"CVE-2022-1925","details":"DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.","modified":"2026-04-10T04:42:56.665775Z","published":"2022-07-19T20:15:11.080Z","related":["ALSA-2023:2260","MGASA-2022-0322","MGASA-2023-0354","SUSE-SU-2022:2911-1","SUSE-SU-2022:2957-1","SUSE-SU-2022:3906-1","SUSE-SU-2022:3908-1","SUSE-SU-2023:3688-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5204"},{"type":"FIX","url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gstreamer/gstreamer","events":[{"introduced":"0"},{"fixed":"ccf22e315cedf81e0075ab179ffb1b733da5206e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.20.3"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.1.1","1.1.2","1.1.3","1.1.4","1.1.90","1.10.0","1.11.0","1.11.1","1.11.2","1.11.90","1.11.91","1.12.0","1.13.1","1.13.90","1.13.91","1.14.0","1.15.1","1.15.2","1.15.90","1.16.0","1.17.1","1.17.2","1.17.90","1.18.0","1.19.1","1.19.2","1.19.3","1.19.90","1.2.0","1.20.0","1.20.1","1.20.2","1.3.1","1.3.2","1.3.3","1.3.90","1.3.91","1.4.0","1.5.1","1.5.2","1.5.90","1.5.91","1.6.0","1.7.1","1.7.2","1.7.90","1.7.91","1.8.0","1.9.1","1.9.2","1.9.90","BEFORE_INDENT","BRANCH-AUTOPLUG2-ROOT","BRANCH-BUILD1-200112061-ROOT","BRANCH-BUILD1-200112101-ROOT","BRANCH-BUILD1-20011216-FREEZE","BRANCH-BUILD1-ROOT","BRANCH-CAPSNEGO1-ROOT","BRANCH-ERROR-ROOT","BRANCH-EVENTS1-200110161-ROOT","BRANCH-EVENTS1-ROOT","BRANCH-EVENTS2-ROOT","BRANCH-GOBJECT1-200106241-ROOT","BRANCH-GOBJECT1-ROOT","BRANCH-GSTREAMER-0_6-ROOT","BRANCH-GSTREAMER-0_8-ROOT","BRANCH-INCSCHED1-200104161-ROOT","BRANCH-INCSCHED1-200104251-ROOT","BRANCH-INCSCHED1-200105231-ROOT","BRANCH-INCSCHED1-200105251-ROOT","BRANCH-INCSCHED1-ROOT","BRANCH-PLUGINVER1-20010422-ROOT","BRANCH-PLUGINVER1-ROOT","BRANCH-RELEASE-0_3_3-ROOT","BRANCH-RELEASE-0_3_4-ROOT","BRANCH-RELEASE-0_4_0-ROOT","BRANCH-RELEASE-0_4_1-ROOT","BRANCH-RELEASE-0_4_2-ROOT","BRANCH-RELEASE-0_5_0-ROOT","BRANCH-RELEASE-0_5_1-ROOT","BRANCH-RELEASE-0_5_2-ROOT","BRANCH-RELEASE-0_7_2-ROOT","BRANCH-RELEASE-0_7_4-ROOT","BRANCH-RELEASE-0_7_5-ROOT","CAPS-MERGE-1","CAPS-MERGE-2","CAPS-MERGE-3","CAPS-ROOT","CHANGELOG_START","DEBIAN-0_3_1-1","EVENTS1-200110161-FREEZE","GIT_CONVERSION","GOBJECT1-200106241","GOBJECT1-200106241-FREEZE","HEAD-20010306-PRE_AUTOPLUG2","HEAD-20010312-PRE_CAPSNEGO1","INCSCHED1-200105251","INCSCHED1-200105251-FREEZE","MOVE-TO-FDO","OSLOSUMMIT1-200303051","PLUGINVER1-20010422","PLUGINVER1-20010422-FREEZE","RELEASE-0.10.23","RELEASE-0.10.24","RELEASE-0.10.25","RELEASE-0.10.26","RELEASE-0.10.27","RELEASE-0.10.28","RELEASE-0.10.29","RELEASE-0.10.30","RELEASE-0.10.31","RELEASE-0.11.0","RELEASE-0.11.1","RELEASE-0.11.2","RELEASE-0.11.90","RELEASE-0.11.91","RELEASE-0.11.92","RELEASE-0.11.93","RELEASE-0.11.94","RELEASE-0.11.99","RELEASE-0_10_0","RELEASE-0_10_1","RELEASE-0_10_10","RELEASE-0_10_11","RELEASE-0_10_12","RELEASE-0_10_13","RELEASE-0_10_14","RELEASE-0_10_15","RELEASE-0_10_16","RELEASE-0_10_17","RELEASE-0_10_18","RELEASE-0_10_2","RELEASE-0_10_20","RELEASE-0_10_21","RELEASE-0_10_22","RELEASE-0_10_3","RELEASE-0_10_4","RELEASE-0_10_5","RELEASE-0_10_6","RELEASE-0_10_7","RELEASE-0_10_8","RELEASE-0_10_9","RELEASE-0_1_0-SLIPSTREAM","RELEASE-0_1_1-DUCTTAPE","RELEASE-0_2_0-CRITICALMASS","RELEASE-0_2_1-SEDIMASTER","RELEASE-0_2_1-UNKN","RELEASE-0_3_0-EVENTFUL","RELEASE-0_3_1-BELGIANBEER","RELEASE-0_3_2-DOBDAY","RELEASE-0_7_1","RELEASE-0_7_2","RELEASE-0_7_3","RELEASE-0_7_6","RELEASE-0_8_0","RELEASE-0_8_1","RELEASE-0_8_2","RELEASE-0_8_3","RELEASE-0_8_4","RELEASE-0_8_6","RELEASE-0_8_7","RELEASE-0_8_8","RELEASE-0_8_9","RELEASE-0_9_2","RELEASE-0_9_3","RELEASE-0_9_4","RELEASE-0_9_5","RELEASE-0_9_6","RELEASE-0_9_7","TYPEFIND-ROOT","monorepo-start","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1925.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}