PT-2018-16370 · Mkvtoolnix+1 · Mkvtoolnix Mkvinfo+1

Publicado

2018-10-26

Atualizado

2022-06-07

CVE-2018-4022

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MKVToolNix MKVINFO version 25.0.0

Description A use-after-free issue exists in the way MKVToolNix MKVINFO handles the MKV file format. This can be exploited by a specially crafted MKV file, potentially leading to arbitrary code execution in the context of the current user.

Recommendations For MKVToolNix MKVINFO version 25.0.0, consider avoiding the use of MKV files from untrusted sources until a patch is available. As a temporary workaround, restrict the execution of MKVToolNix MKVINFO to trusted input files only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

CVE-2018-4022

OPENSUSE-SU-2018_3819-1

OPENSUSE-SU-2024:11053-1

Produtos afetados

Mkvtoolnix Mkvinfo

Suse

PT-2018-16370 · Mkvtoolnix+1 · Mkvtoolnix Mkvinfo+1

CVE-2018-4022

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8