Description
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
References (4)
Core 4
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1954761
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20211022-0004/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202208-31
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
32.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (13)
gstreamer/gstreamer
< 1.18.4
gstreamer_project/gstreamer
< 1.18.4
netapp/active_iq_unified_manager
(2 CPE variants)
netapp/e-series_santricity_os_controller
11.0.0 - 11.70.1
netapp/e-series_santricity_storage_manager
netapp/e-series_santricity_web_services
netapp/hci_management_node
netapp/oncommand_insight
netapp/oncommand_workflow_automation
netapp/santricity_unified_manager
... and 3 more
Published
Jun 02, 2021
Tracked Since
Feb 18, 2026