RHSA-2023:2260: Red Hat Security Advisory: gstreamer1-plugins-good security update

An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1920: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska file. This vulnerability can result in application crash, memory corruption, and code execution.
  • CVE-2022-1921: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the avi demuxer when processing a specially crafted AVI file. This vulnerability can result in application crash, memory corruption, and code execution.
  • CVE-2022-1922: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution.
  • CVE-2022-1923: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using bzip decompression. This vulnerability can result in application crash, memory corruption, and code execution.
  • CVE-2022-1924: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using lzo decompression. This vulnerability can result in application crash, memory corruption, and code execution.
  • CVE-2022-1925: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using HEADERSTRIP decompression. This vulnerability can result in application crash, memory corruption, and code execution.
  • CVE-2022-2122: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution.
Red Hat Security Data

Issued: 2023-05-09

Updated: 2023-05-09

RHSA-2023:2260 - Security Advisory

Synopsis

Moderate: gstreamer1-plugins-good security update

Type/Severity

Security Advisory: Moderate

Topic

An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

  • gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header() (CVE-2022-1920)
  • gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files (CVE-2022-1921)
  • gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression (CVE-2022-1922)
  • gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using bz2 decompression (CVE-2022-1923)
  • gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression (CVE-2022-1924)
  • gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression (CVE-2022-1925)
  • gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression (CVE-2022-2122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2130935 - CVE-2022-1920 gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
  • BZ - 2130949 - CVE-2022-1921 gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files
  • BZ - 2130955 - CVE-2022-1922 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression
  • BZ - 2130959 - CVE-2022-1923 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using bz2 decompression
  • BZ - 2131003 - CVE-2022-1924 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression
  • BZ - 2131007 - CVE-2022-1925 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression
  • BZ - 2131018 - CVE-2022-2122 gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression

CVEs

  • CVE-2022-1920
  • CVE-2022-1921
  • CVE-2022-1922
  • CVE-2022-1923
  • CVE-2022-1924
  • CVE-2022-1925
  • CVE-2022-2122

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

gstreamer1-plugins-good-1.18.4-6.el9.src.rpm

x86_64

gstreamer1-plugins-good-1.18.4-6.el9.i686.rpm

gstreamer1-plugins-good-1.18.4-6.el9.x86_64.rpm

gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.i686.rpm

gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.x86_64.rpm

gstreamer1-plugins-good-debugsource-1.18.4-6.el9.i686.rpm

gstreamer1-plugins-good-debugsource-1.18.4-6.el9.x86_64.rpm

gstreamer1-plugins-good-gtk-1.18.4-6.el9.i686.rpm

gstreamer1-plugins-good-gtk-1.18.4-6.el9.x86_64.rpm

gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.i686.rpm

gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.x86_64.rpm

gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.i686.rpm

gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

gstreamer1-plugins-good-1.18.4-6.el9.src.rpm

s390x

gstreamer1-plugins-good-1.18.4-6.el9.s390x.rpm

gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.s390x.rpm

gstreamer1-plugins-good-debugsource-1.18.4-6.el9.s390x.rpm

gstreamer1-plugins-good-gtk-1.18.4-6.el9.s390x.rpm

gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.s390x.rpm

gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

gstreamer1-plugins-good-1.18.4-6.el9.src.rpm

ppc64le

gstreamer1-plugins-good-1.18.4-6.el9.ppc64le.rpm

gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.ppc64le.rpm

gstreamer1-plugins-good-debugsource-1.18.4-6.el9.ppc64le.rpm

gstreamer1-plugins-good-gtk-1.18.4-6.el9.ppc64le.rpm

gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.ppc64le.rpm

gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

gstreamer1-plugins-good-1.18.4-6.el9.src.rpm

aarch64

gstreamer1-plugins-good-1.18.4-6.el9.aarch64.rpm

gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.aarch64.rpm

gstreamer1-plugins-good-debugsource-1.18.4-6.el9.aarch64.rpm

gstreamer1-plugins-good-gtk-1.18.4-6.el9.aarch64.rpm

gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.aarch64.rpm

gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.aarch64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
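
One way to check a collected package inventory against the fixed build named in this advisory, gstreamer1-plugins-good-1.18.4-6.el9 (an added example, not part of the Red Hat advisory). The comparison follows rpm's segment-wise version ordering without tilde or caret handling; the inventory lines are constructed, and an epoch of 0 for the fixed build is an assumption.

```python
import re

# Fixed build named in this advisory (RHEL 9). Epoch 0 is assumed.
FIXED_VERSION, FIXED_RELEASE = "1.18.4", "6.el9"
# Binary packages shipped by the advisory (debuginfo/debugsource omitted).
PACKAGES = {"gstreamer1-plugins-good", "gstreamer1-plugins-good-gtk"}


def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm's version ordering.

    Returns 1 if a is newer, -1 if older, 0 if equal. Tilde and caret
    markers are not handled (not needed for the builds compared here).
    """
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments: newer


def is_patched(epoch, version, release):
    """True when epoch:version-release is at or above the fixed build."""
    if int(epoch) != 0:
        return int(epoch) > 0
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)


def audit(inventory):
    """Map 'name.arch' to 'patched' or 'needs update' for the advisory's packages."""
    result = {}
    for line in inventory.strip().splitlines():
        name, epoch, version, release, arch = line.split()
        if name in PACKAGES:
            ok = is_patched(epoch, version, release)
            result[f"{name}.{arch}"] = "patched" if ok else "needs update"
    return result


# Constructed sample, in the format produced by:
#   rpm -qa --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n'
SAMPLE_INVENTORY = """
gstreamer1-plugins-good 0 1.18.4 4.el9 x86_64
gstreamer1-plugins-good-gtk 0 1.18.4 6.el9 x86_64
gstreamer1-plugins-good 0 1.18.4 6.el9_2.1 aarch64
gstreamer1 0 1.18.4 4.el9 x86_64
"""

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE_INVENTORY).items():
        print(f"{pkg}: {status}")
```
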

Related news

Gentoo Linux Security Advisory 202409-13

Gentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.

Red Hat Security Advisory 2023-2260-01

Red Hat Security Advisory 2023-2260-01 - GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a buffer overflow vulnerability.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Ubuntu Security Notice USN-5555-1

Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

CVE-2022-2122: matroska: segfault / potential heap overflow in zlib decoding (#1225) · Issues · GStreamer / gstreamer · GitLab

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.

CVE-2022-1921: avidemux: heap buffer overwrite in gst_avi_demux_invert/swap_line (#1224) · Issues · GStreamer / gstreamer · GitLab

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.

CVE-2022-1920: matroska: heap overwrite in gst_matroska_demux_add_wvpk_header (#1226) · Issues · GStreamer / gstreamer · GitLab

Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.