Alerts This Week
Warning Icon 1 1,071
Alerts This Week
Warning Icon 1 1,071

SUSE: 2022:3906-1 Moderate: Gstreamer 0_10 Plugin Integer Overflow

suse
Calendar Grey November 8, 2022
Dist Suse Esm H88
Announcement of gstreamer-0_10-plugins-bad update issued, addressing several critical buffer overflow vulnerabilities while improving general system robustness.
An update that fixes 7 vulnerabilities is now available

Summary

This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2022-1920: Fixed an integer overflow while parsing matroska files (bsc#1201688). - CVE-2022-1921: Fixed an integer overflow while parsing avi files (bsc#1201693). - CVE-2022-1922: Fixed an integer overflow during mkv demuxing using zlib decompression (bsc#1201702). - CVE-2022-1923: Fixed an integer overflow during mkv demuxing using bzip decompression (bsc#1201704). - CVE-2022-1924: Fixed an integer overflow during mkv demuxing using lzo decompression (bsc#1201706). - CVE-2022-1925: Fixed an integer overflow during mkv demuxing using HEADERSTRIP decompression (bsc#1201707). - CVE-2022-2122: Fixed an integer overflow in qtdemux using zlib decompression (bsc#1201708). Patch Instructions:

Topics%20covered

Topics Covered

security advisory moderate security update integer overflow SUSE gstreamer patch instructions

References

#1201688 #1201693 #1201702 #1201704 #1201706

#1201707 #1201708

Cross- CVE-2022-1920 CVE-2022-1921 CVE-2022-1922

CVE-2022-1923 CVE-2022-1924 CVE-2022-1925

CVE-2022-2122

CVSS scores:

CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Announcement ID: SUSE-SU-2022:3906-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate security update integer overflow SUSE gstreamer patch instructions

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here