CVE-2015-8792: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libmatroska

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 45.66%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 29
Latest update: May 14

Description

The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

debian | debian/libmatroska | < libmatroska 1.4.4-1 (bookworm)
Debian | matroska/libmatroska | < 1.4.4-1+3
NVD | opensuse/leap | 42.1
NVD | opensuse/opensuse | 13.1, 13.2+1

Patches

Vulnerability Details (2)

GHSA | GHSA-fw7f-4x98-8cg9: The KaxInternalBlock::ReadData function in libMatroska before 1 | 2022-05-14
OSV | CVE-2015-8792: The KaxInternalBlock::ReadData function in libMatroska before 1 | 2016-01-29

Vendor Advisories (1)

Debian | CVE-2015-8792: libmatroska - The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows conte... | 2015

Community (4)

Bugzilla | CVE-2015-8792 libmatroska: Out-of-bounds heap read in KaxInternalBlock::ReadData() [fedora-all] | 2015-10-29
Bugzilla | CVE-2015-8792 libmatroska: Out-of-bounds heap read in KaxInternalBlock::ReadData() [epel-all] | 2015-10-29
Bugzilla | CVE-2015-8792 libmatroska: Out-of-bounds heap read in KaxInternalBlock::ReadData() | 2015-10-29
Bugzilla | CVE-2015-8792 libebml: Use-after-free vulnerability in EblMaster::Read() [fedora-all] | 2015-10-29
CVE-2015-8792 — Debian Libmatroska vulnerability | cvebase