CVE-2021-3185

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
Classic Buffer Overflow
Severity
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
freedesktopgst-plugins-bad
𝑥
< 1.18.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gst-plugins-bad1.0
bullseye
1.18.4-3+deb11u4
fixed
bullseye (security)
1.18.4-3+deb11u4
fixed
bookworm
1.22.0-4+deb12u5
fixed
bookworm (security)
1.22.0-4+deb12u5
fixed
sid
1.24.9-1
fixed
trixie
1.24.9-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gst-plugins-bad1.0
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
ignored
focal
not-affected
bionic
needed
xenial
needed
trusty
needed