CVE-2017-12780

Опубликовано: 10 нояб. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.

Ссылки

http://packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/19
Exploit
Mailing List
Third Party Advisory
https://github.com/Matroska-Org/foundation-source/issues/24
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/144902/mkvalidator-0.5.1-Denial-Of-Service.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/19
Exploit
Mailing List
Third Party Advisory
https://github.com/Matroska-Org/foundation-source/issues/24
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:matroska:libebml2:*:*:*:*:*:*:*:*

Версия до 2012-08-26 (включая)

cpe:2.3:a:matroska:mkclean:0.8.9:*:*:*:*:*:*:*

cpe:2.3:a:matroska:mkvalidator:0.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00676

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2017-12780

CVSS3: 6.5

ubuntu

около 8 лет назад

The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.

GHSA-c58v-vgcm-vhfg

CVSS3: 6.5

github

больше 3 лет назад

The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.

EPSS

Процентиль: 71%

0.00676

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416