CVE-2021-3522
Description
GStreamer before 1.18.4 performs an out-of-bounds read when handling certain ID3v2 tags, potentially leaking memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GStreamer before 1.18.4 performs an out-of-bounds read when handling certain ID3v2 tags, potentially leaking memory.
Vulnerability
GStreamer before version 1.18.4 contains an out-of-bounds read vulnerability in the code that parses ID3v2 tags. This occurs when specially crafted ID3v2 tag data is processed, causing the parser to read beyond the allocated buffer boundaries. The affected products include gstreamer-plugins-base and related GStreamer packages. [1][2]
Exploitation
An attacker must supply a multimedia file or stream with a maliciously crafted ID3v2 tag. No additional authentication or special network position is required if the victim opens the file with any application that uses the vulnerable GStreamer version. The out-of-bounds read triggers during tag parsing without user interaction beyond file opening. [1]
Impact
Successful exploitation results in an out-of-bounds read, which can lead to information disclosure (memory contents) or a denial of service (crash). The CVSS v3 base score of 5.5 reflects a medium severity, indicating potential for significant impact on confidentiality and availability. [1]
Mitigation
The fix is included in GStreamer 1.18.4 and later releases. Users should upgrade to GStreamer 1.18.4 or later, and for Gentoo systems, to at least >=media-libs/gstreamer-1.20.2 and corresponding plugin packages [2]. No known workaround is available [2]. Red Hat has marked this CVE as WONTFIX for certain products. [1]
AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- GStreamer/GStreamerdescription
- osv-coords15 versionspkg:rpm/opensuse/gstreamer-plugins-base&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/gstreamer-plugins-base&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/gstreamer-plugins-base&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/suse/gstreamer-0_10-plugins-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/gstreamer-0_10-plugins-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 1.16.3-150200.4.6.2+ 14 more
- (no CPE)range: < 1.16.3-150200.4.6.2
- (no CPE)range: < 1.16.3-150200.4.6.2
- (no CPE)range: < 1.16.3-150200.4.6.2
- (no CPE)range: < 0.10.36-18.6.1
- (no CPE)range: < 0.10.36-18.6.1
- (no CPE)range: < 1.12.5-150000.3.6.1
- (no CPE)range: < 1.16.3-150200.4.6.2
- (no CPE)range: < 1.16.3-150200.4.6.2
- (no CPE)range: < 1.16.3-150200.4.6.2
- (no CPE)range: < 1.8.3-13.6.1
- (no CPE)range: < 1.12.5-150000.3.6.1
- (no CPE)range: < 1.8.3-13.6.1
- (no CPE)range: < 1.12.5-150000.3.6.1
- (no CPE)range: < 1.8.3-13.6.1
- (no CPE)range: < 1.8.3-13.6.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
4- www.oracle.com/security-alerts/cpuoct2021.htmlnvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- security.gentoo.org/glsa/202208-31nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20211022-0004/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.