Candidate: CVE-2021-3185
PublicDate: 2021-01-26 18:16:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3185
 https://bugzilla.redhat.com/show_bug.cgi?id=1917192
 https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc
 https://www.openwall.com/lists/oss-security/2021/01/20/1
Description:
 A flaw was found in the gstreamer h264 component of gst-plugins-bad before
 v1.18.1 where when parsing a h264 header, an attacker could cause the stack
 to be smashed, memory corruption and possibly code execution.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_gst-plugins-bad1.0:
upstream_gst-plugins-bad1.0: released (1.18.1-1)
precise/esm_gst-plugins-bad1.0: DNE
trusty_gst-plugins-bad1.0: ignored (out of standard support)
trusty/esm_gst-plugins-bad1.0: needs-triage
xenial_gst-plugins-bad1.0: ignored (end of standard support, was needs-triage)
bionic_gst-plugins-bad1.0: needs-triage
focal_gst-plugins-bad1.0: needs-triage
groovy_gst-plugins-bad1.0: ignored (reached end-of-life)
hirsute_gst-plugins-bad1.0: not-affected (1.18.1-1ubuntu1)
impish_gst-plugins-bad1.0: not-affected (1.18.1-1ubuntu1)
jammy_gst-plugins-bad1.0: not-affected (1.18.1-1ubuntu1)
devel_gst-plugins-bad1.0: not-affected (1.18.1-1ubuntu1)