Base Score

HIGH7.8

CVE-2021-3498

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateApr 19, 2021, 21:15

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://packetstormsecurity.com/files/162952/Gstreamer-Matroska-Demuxing-Use-After-Free.html
https://bugzilla.redhat.com/show_bug.cgi?id=1945342
https://gstreamer.freedesktop.org/security/sa-2021-0003.html
https://security.gentoo.org/glsa/202208-31
https://www.debian.org/security/2021/dsa-4900

Base Score

HIGH7.8

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH