CVE-2015-8789
published 2016-01-29
CVE-2015-8789: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a…
Priority P434 · critical · 9.6 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 2.13% (79.7th percentile)
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libebml | < libebml 1.3.3-1 (bookworm) | libebml 1.3.3-1 (bookworm) |
| matroska | libebml | <= 1.3.2 | — |
| matroska | libebml | >= 0 < 1.3.3-1 | 1.3.3-1 |
| matroska | libebml | >= 0 < 1.3.3-1 | 1.3.3-1 |
| matroska | libebml | >= 0 < 1.3.3-1 | 1.3.3-1 |
| matroska | libebml | >= 0 < 1.3.3-1 | 1.3.3-1 |
CVSS provenance
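| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.6 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.6 | CRITICAL | — |
| vendor_debian | — | 9.6 | CRITICAL | — |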
GHSA
GHSA-h7v7-5ph3-4v3p: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1
ghsa_unreviewed·2022-05-17
OSV
CVE-2015-8789: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1
osv·2016-01-29·CVSS 9.6
Debian
CVE-2015-8789: libebml - Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before ...
vendor_debian·2015·CVSS 9.6
Scope: local
bookworm: resolved (fixed in 1.3.3-1)
bullseye: resolved (fixed in 1.3.3-1)
forky: resolved (fixed in 1.3.3-1)
sid: resolved (fixed in 1.3.3-1)
trixie: resolved (fixed in 1.3.3-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-1514 CVE-2016-1515 libebml: various flaws [epel-all]
bugzilla·2017-01-12·CVSS 9.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. W
Bugzilla
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
bugzilla·2017-01-12·CVSS 9.6
A vulnerability was found in libebml. A use after free/double free vulnerability can occur in libebml while parsing Track elements of the MKV container which would crash the application.
References:
http://www.talosintelligence.com/reports/TALOS-2016-0037/
Discussion:
Created libebml tracking bugs for this issue:
Affects: epel-all [bug 1412634]
Affects: fedora-all [bug 1412633]
---
Upon closer investigation, I believe it is a duplicate of CVE-2015-8789 (bug 1276332) and will close it as such upon confirmation from upstream.
---
*** This bug has been marked as a duplicate of bug 1276332 ***
Bugzilla
CVE-2015-8789 libebml: Use-after-free vulnerability in EbmlMaster::Read() [epel-all]
bugzilla·2015-10-29·CVSS 9.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2015-8789 libebml: Use-after-free vulnerability in EbmlMaster::Read()
bugzilla·2015-10-29·CVSS 9.6
When the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting in memory access after freeing it and multiple attempts to free the same memory address during destruction.
Upstream patch:
https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
Discussion:
Created libebml tracking bugs for this issue:
Affects: fedora-all [bug 1276336]
Affects: epel-all [bug 1276337]
---
Added CVE according to http://www.cvedetails.com/cve/CVE-2015-8789/
---
*** Bug 1412632 has been marked as a duplicate of this
http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
http://www.debian.org/security/2016/dsa-3538
http://www.securityfocus.com/bid/94924
http://www.talosintelligence.com/reports/TALOS-2016-0037/
https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
Published: 2016-01-29