147 matches found
CVE-2015-8790
CVE-2015-8790 affects libebml (EBML library). Affected: libebml versions prior to 1.3.3. Root cause: context-dependent attackers could obtain sensitive information from process heap memory by using a crafted UTF-8 string, leading to information exposure. Related issues: CVE-2015-8789 (use-after-f...
CVE-2015-8789
The CVE-2015-8789 issue affects libebml (EbmlMaster::Read) prior to 1.3.3. A use-after-free condition occurs when parsing a deeply nested EBML element with infinite size, which can lead to remote code execution if a malicious document is provided. Public advisories (Debian DSA-3538-1) describe th...
Matroska libebml EbmlUnicodeString Heap Information Leak
Talos Vulnerability Report TALOS-2016-0036 Matroska libebml EbmlUnicodeString Heap Information Leak January 28, 2016 CVE Number CVE-2015-8790 Description A specially crafted unicode string can cause an off-by-few read on the heap in unicode string parsing code in libebml. This issue can potential...
openSUSE Security Update : libebml / libmatroska (openSUSE-2016-37)
This update for libebml, libmatroska fixes the following security issues : Vulnerabilities fixed in libebml : - Cisco TALOS-CAN-0036: Invalid memory access when reading from a UTF-8 string resulted in a heap information leak bsc961031. - Cisco TALOS-CAN-0037: Deeply nested elements with infinite...
Updated libebml packages fix security vulnerability
In EbmlMaster::Read in libebml before 1.3.3, when the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting i...
MGASA-2015-0430 Updated libebml packages fix security vulnerability
In EbmlMaster::Read in libebml before 1.3.3, when the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting i...
libebml -- multiple vulnerabilities
Mortiz Bunkus reports: Multiple invalid memory accesses vulnerabilities...