5 matches found
CVE-2021-3405
CVE-2021-3405 affects libebml before 1.4.2. A heap overflow bug in EbmlString::ReadData and EbmlUnicodeString::ReadData is disclosed across multiple advisories (Gentoo GLSA, Debian DLA, Arch, Fedora). The vulnerability arises in libebml’s string data handling and can allow exploitation via crafte...
CVE-2015-8789
The CVE-2015-8789 issue affects libebml (EbmlMaster::Read) prior to 1.3.3. A use-after-free condition occurs when parsing a deeply nested EBML element with infinite size, which can lead to remote code execution if a malicious document is provided. Public advisories (Debian DSA-3538-1) describe th...
CVE-2023-52339
CVE-2023-52339 affects the libebml library (EBML format) prior to version 1.4.5. The issue is an integer overflow in MemIOCallback.cpp during read/write, which can lead to buffer overflows. The CVSS indicates Network attack vector, exploit requires user interaction, with Availability impact (HIGH...
CVE-2015-8790
CVE-2015-8790 affects libebml (EBML library). Affected: libebml versions prior to 1.3.3. Root cause: context-dependent attackers could obtain sensitive information from process heap memory by using a crafted UTF-8 string, leading to information exposure. Related issues: CVE-2015-8789 (use-after-f...
CVE-2015-8791
CVE-2015-8791 affects libebml, with the EbmlElement::ReadCodedSizeValue function vulnerable to context-dependent attackers causing memory disclosure via a crafted EBML length value. Affected version: before 1.3.3. Consequence: potential leakage of process heap memory. Remediation: upgrade to libe...