Security Advisory 2021-0003 (CVE-2021-3498)

Details

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

Impact

It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user.

Threat mitigation

Workarounds

Solution

The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.