Debian Linux
CVE-2021-3498
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
AnalysisAI
A heap corruption vulnerability exists in GStreamer media framework versions before 1.18.4 when parsing malformed Matroska (MKV) video files. An attacker can craft a malicious Matroska file that, when processed by a vulnerable GStreamer installation, triggers heap memory corruption leading to potential code execution with the privileges of the application using GStreamer. While not known to be actively exploited in the wild (not in KEV), a public proof-of-concept exploit is available and the EPSS score of 0.24% indicates moderate exploitation likelihood.
Technical ContextAI
GStreamer is a popular open-source multimedia framework used for creating streaming media applications across Linux distributions and embedded systems. The vulnerability affects the Matroska demuxer component responsible for parsing MKV container format files, as indicated by the specific affected CPE cpe:2.3:a:gstreamer:gstreamer. The root cause is a buffer overflow (CWE-119) where improper bounds checking during Matroska file parsing allows writing beyond allocated heap memory boundaries. Major Linux distributions including Debian 10, Red Hat Enterprise Linux 7 and 8 ship vulnerable versions of GStreamer in their repositories.
RemediationAI
Upgrade GStreamer to version 1.18.4 or later which contains the security fix for this heap corruption vulnerability. Distribution-specific updates are available through Debian Security Advisory DSA-4900 at https://www.debian.org/security/2021/dsa-4900 and Gentoo Linux Security Advisory GLSA-202208-31 at https://security.gentoo.org/glsa/202208-31. For systems that cannot be immediately patched, implement strict input validation for Matroska files and avoid processing MKV files from untrusted sources. Consider sandboxing media processing applications using AppArmor or SELinux to limit potential damage from exploitation.
More in Debian Linux
View allRoundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain
Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.2
Same weakness CWE-119 – Buffer Overflow
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today