CVE-2015-8789
Published: 29 January 2016
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
Notes
Author | Note |
---|---|
sbeattie | mkvtoolnix contains an embedded copy of libebml, but looks to use the system version |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.6 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References
- https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
- http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
- https://www.cve.org/CVERecord?id=CVE-2015-8789
- NVD
- Launchpad
- Debian