Bugzilla – Bug 964396
VUL-0: CVE-2015-8790: libebml: The EbmlUnicodeString::UpdateFromUTF8 function leaks information
Last modified: 2018-02-26 15:17:16 UTC
CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8790
https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
bugbot adjusting priority
I have stepped down from maintaining libebml, libmatroska and mkvtoolnix in 2009:
http://lists.opensuse.org/opensuse-packaging/2009-08/msg00172.html
I know nothing about those packages; the only thing I can do is drop them and replace them with an empty package to make sure the vulnerability is solved by uninstalling them.
CVE-2015-8790 is also known as TALOS-CAN-0036 and was already fixed by Request: https://build.opensuse.org/request/show/352647
So this is a duplicate of: https://bugzilla.opensuse.org/show_bug.cgi?id=961031
Maintenance incident 4501: https://build.opensuse.org/project/show/openSUSE:Maintenance:4501
*** This bug has been marked as a duplicate of bug 961031 ***
CVE-2016-1514 was a duplicate assigned to this CVE id.