CVE-2015-8789Libebml vulnerability

8 documents6 sources
Severity
9.6CRITICALNVD
EPSS
0.4%
top 40.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Matroska Libebml
Timeline
PublishedJan 29
Latest updateMay 17

Description

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

Debianmatroska/libebml< 1.3.3-1+3
NVDmatroska/libebml1.3.2

🔴Vulnerability Details

3
GHSA
GHSA-h7v7-5ph3-4v3p: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 12022-05-17
CVEList
CVE-2015-8789: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 12016-01-29
OSV
CVE-2015-8789: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 12016-01-29

📋Vendor Advisories

1
Debian
CVE-2015-8789: libebml - Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before ...2015

💬Community

3
Bugzilla
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities2017-01-12
Bugzilla
CVE-2015-8789 libebml: Usa-after-free vulnerability in EblMaster::Read() [epel-all]2015-10-29
Bugzilla
CVE-2015-8789 libebml: Use-after-free vulnerability in EblMaster::Read()2015-10-29
CVE-2015-8789 — Matroska Libebml vulnerability | cvebase