PT-2016-4022 · Matroska+1 · Libmatroska+1

Moritz Bunkus

·

Published

2016-01-29

·

Updated

2018-10-30

·

CVE-2015-8792

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions libMatroska versions prior to 1.4.4
Description The issue allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. This is due to a problem in the KaxInternalBlock::ReadData function.
Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the KaxInternalBlock::ReadData function until a patch is available.

Fix

Information Disclosure

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-119

Related Identifiers

ALT-PU-2016-1932
CVE-2015-8792
DLA-420-1
DSA-3526-1

Affected Products

Alt Linux
Libmatroska