CVE-2022-1922

7.8 HIGH

📋 TL;DR

CVE-2022-1922 is an integer overflow vulnerability in GStreamer's Matroska demuxer that can cause denial of service or potential heap overwrite during MKV file processing. The vulnerability occurs during zlib decompression when handling specially crafted MKV files. Systems using GStreamer for media processing are affected.

💻 Affected Systems

Products:
  • GStreamer
  • Applications using GStreamer for MKV processing
Versions: GStreamer versions before 1.20.4
Operating Systems: Linux, Unix-like systems, Any OS running GStreamer
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the matroskademux element; any application using GStreamer to process MKV files is potentially vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Heap overwrite leading to arbitrary code execution, potentially resulting in full system compromise.

🟠 Likely Case

Denial of service through application crash (segfault) when processing malicious MKV files.

🟢 If Mitigated

No impact if patched or if vulnerable component is not exposed to untrusted MKV files.

🌐 Internet-Facing: MEDIUM - Web applications processing user-uploaded MKV files could be exploited.
🏢 Internal Only: LOW - Requires processing of malicious MKV files, which is less likely in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious MKV file; complexity depends on libc implementation and OS memory management.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GStreamer 1.20.4 and later

Vendor Advisory: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225

Restart Required: Yes

Instructions:

1. Update GStreamer to version 1.20.4 or later.
2. For Debian/Ubuntu: apt update && apt upgrade gstreamer1.0
3. Restart affected applications/services.

🔧 Temporary Workarounds

Disable MKV processing

linux

Prevent GStreamer from processing MKV files by removing or disabling matroskademux plugin.

gst-inspect-1.0 | grep -i matroska
mv /usr/lib/gstreamer-1.0/libgstmatroska.so /usr/lib/gstreamer-1.0/libgstmatroska.so.disabled

🧯 If You Can't Patch

  • Implement strict input validation for MKV files; only allow trusted sources.
  • Use application sandboxing/containerization to limit potential impact of exploitation.

🔍 How to Verify

Check if Vulnerable:

Check GStreamer version: gst-inspect-1.0 --version | grep version

Check Version:

gst-inspect-1.0 --version

Verify Fix Applied:

Verify version is 1.20.4 or later: gst-inspect-1.0 --version
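
The version check above as a script, added here as an example (not from the original advisory or the GStreamer project). The function names and the sample output are constructed for illustration; the fixed version 1.20.4 is the one stated on this page.

```shell
#!/bin/sh
# Added example: compare the installed GStreamer against the fixed release.
FIXED_VERSION="1.20.4"   # fixed release stated on this page

# Constructed sample of `gst-inspect-1.0 --version` output (not captured from a host).
SAMPLE_OUTPUT='gst-inspect-1.0 version 1.20.3
GStreamer 1.20.3'

# Read version output on stdin, print the first X.Y.Z found after "version ".
parse_gst_version() {
    sed -n 's/^.*version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Return 0 when $1 is strictly older than $2 (numeric compare per component).
version_lt() {
    a=$1 b=$2
    for i in 1 2 3; do
        x=${a%%.*} y=${b%%.*}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# Print "vulnerable X.Y.Z", "patched X.Y.Z" or "unknown" for version text on stdin.
assess_gst_output() {
    ver=$(parse_gst_version)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "patched $ver"
    fi
}

if command -v gst-inspect-1.0 >/dev/null 2>&1; then
    echo "installed: $(gst-inspect-1.0 --version | assess_gst_output)"
    # The workaround above removes the plugin; confirm whether the element still loads.
    if gst-inspect-1.0 --exists matroskademux; then
        echo "matroskademux: loadable"
    else
        echo "matroskademux: not loadable"
    fi
else
    echo "gst-inspect-1.0 not found; sample: $(printf '%s\n' "$SAMPLE_OUTPUT" | assess_gst_output)"
fi
```

Distribution packages can carry a backported fix under an older upstream version number, so a "vulnerable" result should be confirmed against the distribution's own security tracker.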

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault logs from applications using GStreamer
  • Application crashes during MKV file processing

Network Indicators:

  • Unusual MKV file uploads to media processing services

SIEM Query:

source="application.log" AND ("segfault" OR "SIGSEGV") AND "gstreamer"
