MGASA-2021-0334

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0334.html

Import Source

https://advisories.mageia.org/MGASA-2021-0334.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0334

Related

CVE-2021-3522

Published

2021-07-10T20:00:34Z

Modified

2021-07-10T18:43:23Z

Summary

Updated gstreamer1.0-plugins packages fix security vulnerabilities

Details

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags (CVE-2021-3522).

Overflows in AVC/HEVC NAL unit length calculations, which would lead to allocating infinite amounts of small memory blocks until OOM and could potentially also lead to memory corruptions.

References

https://advisories.mageia.org/MGASA-2021-0334.html
https://bugs.mageia.org/show_bug.cgi?id=28977
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
https://www.debian.org/security/2021/dsa-4903
https://www.debian.org/security/2021/dsa-4902
https://ubuntu.com/security/notices/USN-4959-1

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2021-0334

Affected packages