Published: 29/01/2016 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The KaxInternalBlock::ReadData function in libMatroska prior to 1.4.4 allows context-dependent malicious users to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
matroska libmatroska
opensuse leap 42.1
opensuse opensuse 13.2
opensuse opensuse 13.1

It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory For the oldstable distribution (wheezy), this problem has been fixed in vers ...

CWE-119 CWE-200 http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f http://www.debian.org/security/2016/dsa-3526 https://nvd.nist.gov https://www.debian.org/security/./dsa-3526

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-8792

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect