PublicDateAtUSN: 2021-04-24 00:00:00 UTC
Candidate: CVE-2021-3522
PublicDate: 2021-06-02 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3522
 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4)
 https://gstreamer.freedesktop.org/security/sa-2021-0001.html
 https://ubuntu.com/security/notices/USN-4959-1
Description:
 GStreamer before 1.18.4 may perform an out-of-bounds read when handling
 certain ID3v2 tags.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_gst-plugins-base1.0:
upstream_gst-plugins-base1.0: released (1.18.4-2)
precise/esm_gst-plugins-base1.0: DNE
trusty_gst-plugins-base1.0: ignored (out of standard support)
trusty/esm_gst-plugins-base1.0: DNE
xenial_gst-plugins-base1.0: ignored (end of standard support, was needs-triage)
esm-infra/xenial_gst-plugins-base1.0: released (1.8.3-1ubuntu0.3+esm1)
bionic_gst-plugins-base1.0: released (1.14.5-0ubuntu1~18.04.3)
focal_gst-plugins-base1.0: released (1.16.2-4ubuntu0.1)
groovy_gst-plugins-base1.0: released (1.18.0-2ubuntu0.1)
hirsute_gst-plugins-base1.0: released (1.18.4-1)
impish_gst-plugins-base1.0: not-affected (1.18.4-2)
jammy_gst-plugins-base1.0: not-affected (1.18.4-2)
devel_gst-plugins-base1.0: not-affected (1.18.4-2)