MGASA-2021-0334
- Source
- https://advisories.mageia.org/MGASA-2021-0334.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0334.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0334
- Related
- Published
- 2021-07-10T20:00:34Z
- Modified
- 2021-07-10T18:43:23Z
- Summary
- Updated gstreamer1.0-plugins packages fix security vulnerabilities
- Details
-
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags (CVE-2021-3522).
Overflows in AVC/HEVC NAL unit length calculations, which would lead to allocating infinite amounts of small memory blocks until OOM and could potentially also lead to memory corruptions.
- References
-
- https://advisories.mageia.org/MGASA-2021-0334.html
- https://bugs.mageia.org/show_bug.cgi?id=28977
- https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
- https://www.debian.org/security/2021/dsa-4903
- https://www.debian.org/security/2021/dsa-4902
- https://ubuntu.com/security/notices/USN-4959-1
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / gstreamer1.0-plugins-bad
Package
- Name
- gstreamer1.0-plugins-bad
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-bad?distro=mageia-7
Mageia:7 / gstreamer1.0-plugins-base
Package
- Name
- gstreamer1.0-plugins-base
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-base?distro=mageia-7
Mageia:7 / gstreamer1.0-plugins-bad
Package
- Name
- gstreamer1.0-plugins-bad
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-bad?distro=mageia-7
Mageia:8 / gstreamer1.0-plugins-bad
Package
- Name
- gstreamer1.0-plugins-bad
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-bad?distro=mageia-8
Mageia:8 / gstreamer1.0-plugins-base
Package
- Name
- gstreamer1.0-plugins-base
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-base?distro=mageia-8
Mageia:8 / gstreamer1.0-plugins-bad
Package
- Name
- gstreamer1.0-plugins-bad
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-bad?distro=mageia-8