PT-2018-16370 · Mkvtoolnix+1 · Mkvtoolnix Mkvinfo+1

Published

2018-10-26

Updated

2022-06-07

CVE-2018-4022

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MKVToolNix MKVINFO version 25.0.0

Description A use-after-free issue exists in the way MKVToolNix MKVINFO handles the MKV file format. This can be exploited by a specially crafted MKV file, potentially leading to arbitrary code execution in the context of the current user.

Recommendations For MKVToolNix MKVINFO version 25.0.0, consider avoiding the use of MKV files from untrusted sources until a patch is available. As a temporary workaround, restrict the execution of MKVToolNix MKVINFO to trusted input files only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2018-4022

OPENSUSE-SU-2018_3819-1

OPENSUSE-SU-2024:11053-1

Affected Products

Mkvtoolnix Mkvinfo

Suse

PT-2018-16370 · Mkvtoolnix+1 · Mkvtoolnix Mkvinfo+1

CVE-2018-4022

Weakness Enumeration

Related Identifiers

Affected Products

References · 8