Advisories » MGASA-2021-0079

Updated gstreamer1.0-plugins-bad packages fix security vulnerability

Publication date: 10 Feb 2021
Modification date: 10 Feb 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2021-3185

Description

A flaw was found in the gstreamer h264 component of gst-plugins-bad before
v1.18.1 where when parsing a h264 header, an attacker could cause the stack to
be smashed, memory corruption and possibly code execution. (CVE-2021-3185).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28174
• https://www.debian.org/security/2021/dsa-4833
• https://bugzilla.redhat.com/show_bug.cgi?id=1917192
• https://seclists.org/oss-sec/2021/q1/59
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3185

SRPMS

7/core

• gstreamer1.0-plugins-bad-1.16.0-1.1.mga7

7/tainted

• gstreamer1.0-plugins-bad-1.16.0-1.1.mga7.tainted