Two security-related issues were fixed in libebml, a library for accessing the
EBML format:
- CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3
allows context-dependent attackers to obtain sensitive information from
process heap memory via a crafted UTF-8 string, which triggers an invalid
memory access.
- CVE-2015-8791
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows
context-dependent attackers to obtain sensitive information from process
heap memory via a crafted length value in an EBML id, which triggers an
invalid memory access.
For Debian 6 squeeze, these issues have been fixed in libebml version
0.7.7-3.1+deb6u1. We recommend you to upgrade your libebml packages.