Candidate: CVE-2015-8791
PublicDate: 2016-01-29 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8791
 https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
 https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
 http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
 http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
Description:
 The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows
 context-dependent attackers to obtain sensitive information from process
 heap memory via a crafted length value in an EBML id, which triggers an
 invalid memory access.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N [4.3 MEDIUM]

Patches_libebml:
upstream_libebml: released (1.3.3)
precise_libebml: released (1.2.2-2+deb7u1build0.12.04.1)
trusty_libebml: released (1.3.0-2+deb8u1build0.14.04.1)
trusty/esm_libebml: DNE (trusty was released [1.3.0-2+deb8u1build0.14.04.1])
vivid_libebml: ignored (reached end-of-life)
vivid/stable-phone-overlay_libebml: DNE
vivid/ubuntu-core_libebml: DNE
wily_libebml: ignored (reached end-of-life)
xenial_libebml: not-affected (1.3.3-1)
devel_libebml: not-affected (1.3.3-1)