Vulnerabilities > CVE-2017-12780 - Use After Free vulnerability in Matroska Libebml2, Mkclean and Mkvalidator
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html
- http://packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2017/Nov/19
- http://seclists.org/fulldisclosure/2017/Nov/19
- https://github.com/Matroska-Org/foundation-source/issues/24
- https://github.com/Matroska-Org/foundation-source/issues/24