What the vulnerability does

01Description

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.

Key dates

02Disclosure timeline

July 19, 2022 CVE published
August 3, 2024 Record updated