Lucene search

MitreCVELIST:CVE-2015-8790

HistoryJan 29, 2016 - 7:00 p.m.

CVE-2015-8790

2016-01-2919:00:00

mitre

www.cve.org

AI Score

4.4

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.

References

lists.matroska.org/pipermail/matroska-users/2015-October/006985.html

lists.opensuse.org/opensuse-updates/2016-01/msg00035.html

www.debian.org/security/2016/dsa-3538

www.securityfocus.com/bid/85307

www.securityfocus.com/bid/95124

www.talosintelligence.com/reports/TALOS-2016-0036/

github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog

github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b