CVE-2017-12779

2017-11-1002:29:17

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CPENameOperatorVersion
foundation-sourceeqmkclean-0.8.9-1
foundation-sourceeqmkclean-0.8.9
foundation-sourceeqmkvalidator-0.5.1

Name	Operator	Version
foundation-source	eq	mkclean-0.8.9-1
foundation-source	eq	mkclean-0.8.9
foundation-source	eq	mkvalidator-0.5.1

References

packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html

seclists.org/fulldisclosure/2017/Nov/19

github.com/Matroska-Org/foundation-source/issues/24