CVE-2021-3522

Description

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

Risk Information

Base Score: 5.5 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.17

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities affected in Java SE 8u301 | Windows
Multiple vulnerabilities affected in Java SE (x64) 8u301 | Windows
Vulnerability CVE-2021-3497, CVE-2021-3498, CVE-2021-3522 are affected in GStreamer 1.18.3 | Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.3010.9 | Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.3010.9 | Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.3010 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.58 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.58 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.52 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 13 13.44 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 17 17.30 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 17 (x64) 17.30 | Windows
Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows
GStreamer plugins (USN-4959-1) gstreamer1.0-plugins-base_1.16.2-4ubuntu0.1_i386.deb | Linux
GStreamer plugins (USN-4959-1) gstreamer1.0-plugins-base_1.16.2-4ubuntu0.1_amd64.deb | Linux
GStreamer plugins (USN-4959-1) gstreamer1.0-plugins-base_1.18.0-2ubuntu0.1_i386.deb | Linux
GStreamer plugins (USN-4959-1) gstreamer1.0-plugins-base_1.18.0-2ubuntu0.1_amd64.deb | Linux
GStreamer plugins (USN-4959-1) gstreamer1.0-plugins-base_1.14.5-0ubuntu1~18.04.3_i386.deb | Linux
GStreamer plugins (USN-4959-1) gstreamer1.0-plugins-base_1.14.5-0ubuntu1~18.04.3_amd64.deb | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) gstreamer-plugins-base-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) gstreamer-plugins-base-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) gstreamer-plugins-base-debugsource-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) gstreamer-plugins-base-lang-1.8.3-13.6.1.noarch.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstallocators-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstallocators-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstapp-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstapp-1_0-0-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstapp-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstaudio-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstaudio-1_0-0-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstaudio-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstfft-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstfft-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstpbutils-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstpbutils-1_0-0-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstpbutils-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstriff-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstriff-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstrtp-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstrtp-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstrtsp-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstrtsp-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstsdp-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstsdp-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgsttag-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgsttag-1_0-0-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgsttag-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstvideo-1_0-0-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstvideo-1_0-0-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstvideo-1_0-0-debuginfo-1.8.3-13.6.1.x86_64.rpm | Linux
SUSE-SU-2022:3911-1 (SUSE Linux Enterprise Server 12-SP5) libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.6.1.x86_64.rpm | Linux
gstreamer1-plugins-base Security Update (ALAS-2023-2000) gstreamer1-plugins-base-devel-docs-1.10.4-2.amzn2.0.3.noarch.rpm | Linux
gstreamer-plugins-base Security Update (ALAS-2024-2407) gstreamer-plugins-base-0.10.36-18.amzn2.0.2.i686.rpm | Linux
gstreamer-plugins-base Security Update (ALAS-2024-2407) gstreamer-plugins-base-0.10.36-18.amzn2.0.2.x86_64.rpm | Linux
gstreamer-plugins-base Security Update (ALAS-2024-2407) gstreamer-plugins-base-devel-0.10.36-18.amzn2.0.2.x86_64.rpm | Linux
gstreamer-plugins-base Security Update (ALAS-2024-2407) gstreamer-plugins-base-tools-0.10.36-18.amzn2.0.2.x86_64.rpm | Linux
gstreamer-plugins-base Security Update (ALAS-2024-2407) gstreamer-plugins-base-devel-docs-0.10.36-18.amzn2.0.2.noarch.rpm | Linux
gstreamer1-plugins-base Security Update (ALAS2-2023-2000) gstreamer1-plugins-base-devel-docs-1.10.4-2.amzn2.0.3.noarch.rpm | Linux

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-349781 | Java Runtime Environment 1.8 (8.0.4610.11) (Manual Upload Required)
PATCH-349782 | Java Runtime Environment 1.8 (x64) (8.0.4610.11) (Manual Upload Required)
PATCH-333702 | Java SE Development Kit 8 Update 391 (32-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-333701 | Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-342222 | Azul Zulu JDK 8 (MSI) (8.82.0.21)
PATCH-342223 | Azul Zulu JDK 8 (MSI) (x64) (8.82.0.21)
PATCH-342218 | Azul Zulu JDK 11 (MSI) (x64) (11.76.21)
PATCH-328592 | Azul Zulu JDK 13 (13.54.17)
PATCH-342219 | Azul Zulu JDK 17 (17.54.21)
PATCH-342220 | Azul Zulu JDK 17 (x64) (17.54.21)
