CVE-2015-8792

Publication date 29 January 2016

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libmatroska	17.04 zesty	Not affected
	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Ignored end of life
	15.04 vivid	Ignored end of life
	14.04 LTS trusty	Fixed 1.4.1-2+deb8u1build0.14.04.1
	12.04 LTS precise	Ignored end of life

How can I get the fixes?
What do statuses mean?

Severity score breakdown

Parameter	Value
Base score	5.3 · Medium
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	None
Availability impact	None
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

MITRE
NVD
Launchpad
Debian

Other references

https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog
http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
https://www.cve.org/CVERecord?id=CVE-2015-8792