CVE-2021-3185

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions gst-plugins-bad versions prior to 1.18.1

Description A flaw was found in the gstreamer h264 component where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. The vulnerability is related to the gst h264 slice parse dec ref pic marking function and is associated with a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For versions prior to 1.18.1, update to version 1.18.1 or later to resolve the issue. As a temporary workaround, consider disabling the gst h264 slice parse dec ref pic marking function until a patch is available. Restrict access to the gstreamer h264 component to minimize the risk of exploitation.

Fix

Buffer Overflow

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-787CWE-121

Related Identifiers

ALT-PU-2020-3145

BDU:2021-01189

CVE-2021-3185

DLA-2528-1

DSA-4833-1

DSA-4833-2

MGASA-2021-0079

OESA-2021-1035

OESA-2021-1047

OPENSUSE-SU-2021:0822-1

OPENSUSE-SU-2021:1012-1

OPENSUSE-SU-2021:1819-1

OPENSUSE-SU-2021_0822-1

OPENSUSE-SU-2021_1012-1

OPENSUSE-SU-2021_1819-1

OPENSUSE-SU-2024:11776-1

OPENSUSE-SU-2024:11777-1

OPENSUSE-SU-2024:11778-1

OPENSUSE-SU-2024:11782-1

SUSE-SU-2021:1819-1

SUSE-SU-2021:1873-1

SUSE-SU-2021:1875-1

SUSE-SU-2021:1904-1

SUSE-SU-2021:1944-1

SUSE-SU-2021_1819-1

SUSE-SU-2021_1873-1

SUSE-SU-2021_1875-1

SUSE-SU-2021_1904-1

SUSE-SU-2021_1944-1

Affected Products

Alt Linux

Astra Linux

Suse

Gst-Plugins-Bad

CVE-2021-3185

Weakness Enumeration

Related Identifiers

Affected Products

References · 48