CVE-2015-8790
Published: 29 January 2016
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
Notes
Author | Note |
---|---|
sbeattie | mkvtoolnix contains an embedded copy of libebml, but it looks like it uses the system version of it |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8790
- https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
- http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
- NVD
- Launchpad
- Debian