Bugzilla – Bug 964397
VUL-0: CVE-2015-8791: libebml: The EbmlElement::ReadCodedSizeValue function leaks information
Last modified: 2016-07-22 22:54:00 UTC
CVE-2015-8791 The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8791 https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
I have stepped down from maintaining libebml, libmatroska and mkvtoolnix in 2009: http://lists.opensuse.org/opensuse-packaging/2009-08/msg00172.html I know nothing about those packages, the only thing I can do is drop them and replace them with an empty package to make sure the vulnerability is solved by uninstalling them.
bugbot adjusting priority
Duplicate of: https://bugzilla.opensuse.org/show_bug.cgi?id=961031 Fixed with Request: https://build.opensuse.org/request/show/352647 Maintenance incident 4501: https://build.opensuse.org/project/show/openSUSE:Maintenance:4501 *** This bug has been marked as a duplicate of bug 961031 ***