Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:3910-2 High: Gstreamer-Plugins-Bad Buffer Overflow

suse
Calendar Grey November 8, 2022
Dist Suse Esm H88
An important patch has been released for gstreamer-plugins-bad, resolving significant security issues in openSUSE environments.
An update that fixes 7 vulnerabilities is now available

Summary

This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

Topics%20covered

Topics Covered

security advisory moderate software update integer overflow SUSE gstreamer plugin issues

References

#1201688 #1201693 #1201702 #1201704 #1201706

#1201707 #1201708

Cross- CVE-2022-1920 CVE-2022-1921 CVE-2022-1922

CVE-2022-1923 CVE-2022-1924 CVE-2022-1925

CVE-2022-2122

CVSS scores:

CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Announcement ID: SUSE-SU-2022:3908-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate software update integer overflow SUSE gstreamer plugin issues

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here