Mageia: MGASA-2021-0334 Moderate: GStreamer Out Of Bounds Read
mageia
July 10, 2021
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags (CVE-2021-3522)
Summary
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain
ID3v2 tags (CVE-2021-3522).
Overflows in AVC/HEVC NAL unit length calculations, which would lead to
allocating infinite amounts of small memory blocks until OOM and could
potentially also lead to memory corruptions.
References
- https://bugs.mageia.org/show_bug.cgi?id=28977
- https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
- https://lists.debian.org/debian-security-announce/2021/msg00084.html
- https://lists.debian.org/debian-security-announce/2021/msg00083.html
- https://ubuntu.com/security/notices/USN-4959-1
- https://www.cve.org/CVERecord?id=CVE-2021-3522
Resolution
SRPMS
- 8/core/gstreamer1.0-plugins-base-1.18.3-1.1.mga8
- 8/core/gstreamer1.0-plugins-bad-1.18.3-1.1.mga8
- 8/tainted/gstreamer1.0-plugins-bad-1.18.3-1.1.mga8.tainted
- 7/core/gstreamer1.0-plugins-base-1.16.0-2.1.mga7
- 7/core/gstreamer1.0-plugins-bad-1.16.0-1.2.mga7
- 7/tainted/gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.tainted
PREVIOUS 
NEXT Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0334.html
Type: security
CVE: CVE-2021-3522
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!