CVE-2022-1923 Information

Description

DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault or could cause a heap overwrite depending on libc and OS. Depending on the libc used and the underlying OS capabilities it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks and the OS supports mmap then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk and it will start to write to unmapped memory). However if using a libc implementation that does not use mmap or if the OS does not support mmap while using libc then this could result in a heap overwrite.

Reference

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225