CVE-2015-8790

Priority
Description
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3
allows context-dependent attackers to obtain sensitive information from
process heap memory via a crafted UTF-8 string, which triggers an invalid
memory access.
Notes
sbeattiemkvtoolnix contains an embedded copy of libebml, but it looks
like it uses the system version of it
Package
Upstream:released (1.3.3)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.3.0-2+deb8u1build0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.3.3-1)
More Information

Updated: 2020-03-18 22:42:33 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)