Heap Corruption Vulnerability in GStreamer by Freedesktop
CVE-2021-3498

7.8HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer-plugins-good
Vendor
CVE Published:
19 April 2021

What is CVE-2021-3498?

GStreamer, a widely used multimedia framework, is susceptible to a heap corruption issue when parsing specific malformed Matroska files. This vulnerability can lead to unexpected behavior or crashes in applications utilizing GStreamer before version 1.18.4. It is essential for users and developers to apply the latest updates to safeguard against potential exploitation of this flaw.

Affected Version(s)

gstreamer-plugins-good gstreamer-plugins-good 1.18.4

References

https://bugzilla.redhat.com/show_bug.cgi?id=1945342
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2021-0003.html
x_refsource_MISC
https://www.debian.org/security/2021/dsa-4900
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.