Bug 1945342 (CVE-2021-3498) - CVE-2021-3498 gstreamer-plugins-good: Heap corruption in matroska demuxing
Summary: CVE-2021-3498 gstreamer-plugins-good: Heap corruption in matroska demuxing
Keywords:
Status: NEW
Alias: CVE-2021-3498
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1945343 1945344 1949028 1949029 1949030 1949031
Blocks: 1945353 1949271
TreeView+ depends on / blocked
 
Reported: 2021-03-31 17:39 UTC by Pedro Sampaio
Modified: 2023-07-07 08:33 UTC (History)
5 users (show)

Fixed In Version: gstreamer-plugins-good 1.18.4
Doc Type: If docs needed, set a value
Doc Text:
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
Clone Of:
Environment:
Last Closed: 2021-06-28 16:44:30 UTC
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2021-03-31 17:39:01 UTC 
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

References:

https://gstreamer.freedesktop.org/security/sa-2021-0003.html
https://gstreamer.freedesktop.org/releases/1.18/#1.18.4
Comment 1 Pedro Sampaio 2021-03-31 17:39:30 UTC 
Created mingw-gstreamer-plugins-good tracking bugs for this issue:

Affects: fedora-all [bug 1945343]


Created mingw-gstreamer1-plugins-good tracking bugs for this issue:

Affects: fedora-all [bug 1945344]
Comment 2 Huzaifa S. Sidhpurwala 2021-04-13 09:31:37 UTC 
Upstream patch: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903
Comment 5 Guilherme de Almeida Suckevicz 2021-04-19 14:16:36 UTC 
External References:

https://gstreamer.freedesktop.org/security/sa-2021-0003.html
Comment 6 Marc-Andre Lureau 2021-06-28 16:44:30 UTC 
rawhide has:
mingw32-gstreamer1-plugins-good-1.19.1-1.fc35.noarch
Comment 7 Marc-Andre Lureau 2021-06-28 16:46:24 UTC 
wrong bug, reopening
Note You need to log in before you can comment on or make changes to this bug.