Heap Corruption Vulnerability in GStreamer by Freedesktop
CVE-2021-3498

7.8HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer-plugins-good
Vendor
CVE Published:
19 April 2021

What is CVE-2021-3498?

GStreamer, a widely used multimedia framework, is susceptible to a heap corruption issue when parsing specific malformed Matroska files. This vulnerability can lead to unexpected behavior or crashes in applications utilizing GStreamer before version 1.18.4. It is essential for users and developers to apply the latest updates to safeguard against potential exploitation of this flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gstreamer-plugins-good gstreamer-plugins-good 1.18.4

References

https://bugzilla.redhat.com/show_bug.cgi?id=1945342
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2021-0003.html
x_refsource_MISC
https://www.debian.org/security/2021/dsa-4900
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.