CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.6%
Package : libmatroska
Version : 0.8.1-1.1+deb6u1
CVE ID : CVE-2014-9765
It was discovered that there was a invalid memory address issue
in libmatroska, an extensible open standard audio/video container
format.
When reading a block group or a simple block that uses EBML
lacing the frame sizes indicated in the lacing weren't checked
against the available number of bytes. If the indicated frame
size was bigger than the whole block's size the parser would read
beyond the end of the buffer resulting in a heap information
leak.
For Debian 6 Squeeze, this issue has been fixed in libmatroska
version 0.8.1-1.1+deb6u1.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | powerpc | python-xdelta3 | < 3.0.0.dfsg-1+deb7u1 | python-xdelta3_3.0.0.dfsg-1+deb7u1_powerpc.deb |
Debian | 7 | mipsel | xdelta3 | < 3.0.0.dfsg-1+deb7u1 | xdelta3_3.0.0.dfsg-1+deb7u1_mipsel.deb |
Debian | 8 | kfreebsd-amd64 | xdelta3 | < 3.0.8-dfsg-1+deb8u1 | xdelta3_3.0.8-dfsg-1+deb8u1_kfreebsd-amd64.deb |
Debian | 6 | i386 | libmatroska0 | < 0.8.1-1.1+deb6u1 | libmatroska0_0.8.1-1.1+deb6u1_i386.deb |
Debian | 7 | powerpc | xdelta3 | < 3.0.0.dfsg-1+deb7u1 | xdelta3_3.0.0.dfsg-1+deb7u1_powerpc.deb |
Debian | 8 | arm64 | xdelta3 | < 3.0.8-dfsg-1+deb8u1 | xdelta3_3.0.8-dfsg-1+deb8u1_arm64.deb |
Debian | 8 | powerpc | xdelta3 | < 3.0.8-dfsg-1+deb8u1 | xdelta3_3.0.8-dfsg-1+deb8u1_powerpc.deb |
Debian | 7 | s390 | xdelta3 | < 3.0.0.dfsg-1+deb7u1 | xdelta3_3.0.0.dfsg-1+deb7u1_s390.deb |
Debian | 7 | armhf | xdelta3 | < 3.0.0.dfsg-1+deb7u1 | xdelta3_3.0.0.dfsg-1+deb7u1_armhf.deb |
Debian | 7 | ia64 | xdelta3 | < 3.0.0.dfsg-1+deb7u1 | xdelta3_3.0.0.dfsg-1+deb7u1_ia64.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.6%