Bugzilla – Bug 964395
VUL-0: CVE-2015-8789: libebml: Use-after-free vulnerability in the EbmlMaster::Read function
Last modified: 2018-02-26 15:18:07 UTC
CVE-2015-8789 Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8789 https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24 https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
bugbot adjusting priority
I have stepped down from maintaining libebml, libmatroska and mkvtoolnix in 2009: http://lists.opensuse.org/opensuse-packaging/2009-08/msg00172.html I know nothing about those packages, the only thing I can do is drop them and replace them with an empty package to make sure the vulnerability is solved by uninstalling them.
Duplicate of: https://bugzilla.opensuse.org/show_bug.cgi?id=961031 Fixed with Request: https://build.opensuse.org/request/show/352647 Maintenance incident 4501: https://build.opensuse.org/project/show/openSUSE:Maintenance:4501 *** This bug has been marked as a duplicate of bug 961031 ***
CVE-2016-1515 was a dup of this CVE.