Vulnerability Details CVE-2015-8791
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.9%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.3
References
- http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
- http://www.debian.org/security/2016/dsa-3538
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
- http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
- http://www.debian.org/security/2016/dsa-3538
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
Products affected by CVE-2015-8791
-
cpe:2.3:a:matroska:libebml:-
-
cpe:2.3:a:matroska:libebml:0.8.0
-
cpe:2.3:a:matroska:libebml:1.0.0
-
cpe:2.3:a:matroska:libebml:1.2.0
-
cpe:2.3:a:matroska:libebml:1.2.1
-
cpe:2.3:a:matroska:libebml:1.2.2
-
cpe:2.3:a:matroska:libebml:1.3.0
-
cpe:2.3:a:matroska:libebml:1.3.1
-
cpe:2.3:a:matroska:libebml:1.3.2