PT-2016-4022 · Matroska+1 · Libmatroska+1

Moritz Bunkus

Publicado

2016-01-29

Atualizado

2018-10-30

CVE-2015-8792

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions libMatroska versions prior to 1.4.4

Description The issue allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. This is due to a problem in the KaxInternalBlock::ReadData function.

Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the KaxInternalBlock::ReadData function until a patch is available.

Correção

Information Disclosure

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-119

Identificadores relacionados

ALT-PU-2016-1932

CVE-2015-8792

DLA-420-1

DSA-3526-1

Produtos afetados

Alt Linux

Libmatroska

PT-2016-4022 · Matroska+1 · Libmatroska+1

CVE-2015-8792

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19