CRITICAL🇵🇱 Wersja polska

CVE-2021-3185

CVSS 9.8v3.1pub. 2021-01-26upd. 2024-11-21

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Freedesktop Gst Plugins Bad

    APP
    Freedesktop
    < 1.18.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2019-20367CRITICAL9.1ten sam vendor

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the strin...

CVE-2019-9631CRITICAL9.8ten sam vendor

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

CVE-2016-2090CRITICAL9.8ten sam vendor

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified i...

CVE-2021-30860HIGH7.8⚠ KEVten sam vendor

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-...

CVE-2026-50292HIGH7.4ten sam vendor

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject ude...