Description
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libebml | fixed | 1.3.6-1 | | package |
| libebml | fixed | 1.3.4-1+deb9u1 | stretch | package |
| libebml | no-dsa | | jessie | package |
Notes
https://trac.videolan.org/vlc/ticket/22474
The issue was originally reported to the VLC project, but the underlying issue is found in the libebml library.
https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0
https://github.com/Matroska-Org/libebml/commit/ff0dc3cc21494578ce731f5d7dcde5fdec23d40f
https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6
https://github.com/Matroska-Org/libebml/commit/534dfdb995edc18e528de8ce9fa20b3df88426ae
Related vulnerabilities
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.
A vulnerability in the mkv::demux_sys_t::FreeUnused() function of the libebm video file processing library of the VideoLAN Media Player, allowing an attacker to gain access to protected information, cause a denial of service, or escalate their privileges