Vulnerability Details CVE-2015-8789
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.8%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 9.3
References
- http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
- http://www.debian.org/security/2016/dsa-3538
- http://www.securityfocus.com/bid/94924
- http://www.talosintelligence.com/reports/TALOS-2016-0037/
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
- http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
- http://www.debian.org/security/2016/dsa-3538
- http://www.securityfocus.com/bid/94924
- http://www.talosintelligence.com/reports/TALOS-2016-0037/
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
Products affected by CVE-2015-8789
-
cpe:2.3:a:matroska:libebml:-
-
cpe:2.3:a:matroska:libebml:0.8.0
-
cpe:2.3:a:matroska:libebml:1.0.0
-
cpe:2.3:a:matroska:libebml:1.2.0
-
cpe:2.3:a:matroska:libebml:1.2.1
-
cpe:2.3:a:matroska:libebml:1.2.2
-
cpe:2.3:a:matroska:libebml:1.3.0
-
cpe:2.3:a:matroska:libebml:1.3.1
-
cpe:2.3:a:matroska:libebml:1.3.2