Headline
Ubuntu Security Notice USN-5555-1
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5555-1August 08, 2022gst-plugins-good1.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 ESMSummary:Several security issues were fixed in GStreamer Plugins Good.Software Description:- gst-plugins-good1.0: GStreamer pluginsDetails:It was discovered that GStreamer Good Plugins incorrectly handled certain files.An attacker could possibly use this issue to execute arbitrary code.(CVE-2022-1920, CVE-2022-1921)It was discovered that GStreamer Good Plugins incorrectly handled certain files.An attacker could possibly use this issue to cause a denial of service orexecute arbitrary code. (CVE-2022-1922, CVE-2022-1923, CVE-2022-1924,CVE-2022-1925, CVE-2022-2122)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS: gstreamer1.0-plugins-good 1.16.3-0ubuntu1.1Ubuntu 18.04 LTS: gstreamer1.0-plugins-good 1.14.5-0ubuntu1~18.04.3Ubuntu 16.04 ESM: gstreamer1.0-plugins-good 1.8.3-1ubuntu0.5+esm1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5555-1 CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122Package Information: https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.16.3-0ubuntu1.1 https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.14.5-0ubuntu1~18.04.3
Related news
Gentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.
Red Hat Security Advisory 2023-2260-01 - GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a buffer overflow vulnerability.
An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1920: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska file. This vulnerability can result in application crash, memory corruption, and code execution. * CVE-2022-1921: A flaw was found in GStreamer. An integer overflow can lead to ...
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.