DEBIAN-CVE-2022-1924
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-1924
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-1924.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-1924
- Upstream
- Published
- 2022-07-19T20:15:11Z
- Modified
- 2025-09-19T07:32:08.348590Z
- Summary
- [none]
- Details
-
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
- References
Affected packages
Debian:11 / gst-plugins-good1.0
Package
- Name
- gst-plugins-good1.0
- Purl
- pkg:deb/debian/gst-plugins-good1.0?arch=source
Debian:12 / gst-plugins-good1.0
Package
- Name
- gst-plugins-good1.0
- Purl
- pkg:deb/debian/gst-plugins-good1.0?arch=source
Debian:13 / gst-plugins-good1.0
Package
- Name
- gst-plugins-good1.0
- Purl
- pkg:deb/debian/gst-plugins-good1.0?arch=source
Debian:14 / gst-plugins-good1.0
Package
- Name
- gst-plugins-good1.0
- Purl
- pkg:deb/debian/gst-plugins-good1.0?arch=source