Vulnerabilities > Matroska

DATE CVE VULNERABILITY TITLE RISK
2017-11-10 CVE-2017-12779 NULL Pointer Dereference vulnerability in Matroska Mkvalidator 0.5.1
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
network
matroska CWE-476
4.3
2016-01-29 CVE-2015-8792 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
network
low complexity
matroska opensuse CWE-119
5.0
2016-01-29 CVE-2015-8791 Information Exposure vulnerability in Matroska Libebml 1.3.2
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.
network
matroska CWE-200
4.3
2016-01-29 CVE-2015-8790 Information Exposure vulnerability in Matroska Libebml 1.3.2
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
network
matroska CWE-200
4.3
2016-01-29 CVE-2015-8789 Unspecified vulnerability in Matroska Libebml 1.3.2
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
network
matroska
critical
9.3