Matroska: Security Vulnerabilities, CVEs
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.
Max CVSS: 6.5; EPSS Score: 0.06%; Published: 2024-01-12; Updated: 2024-02-05
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.
Max CVSS: 6.5; EPSS Score: 1.79%; Published: 2021-02-23; Updated: 2022-09-30
The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.23%; Published: 2017-11-10; Updated: 2017-11-28
The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2017-11-10; Updated: 2017-11-27
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2017-11-10; Updated: 2017-11-22
The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2017-11-10; Updated: 2017-11-22
The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2017-11-10; Updated: 2017-11-22
The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2017-11-10; Updated: 2017-11-22
The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2017-11-10; Updated: 2017-11-22
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2017-11-10; Updated: 2017-11-22
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
Max CVSS: 6.5; EPSS Score: 0.21%; Published: 2017-11-10; Updated: 2017-11-28
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
Max CVSS: 5.3; EPSS Score: 0.18%; Published: 2016-01-29; Updated: 2018-10-30
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.
Max CVSS: 4.3; EPSS Score: 0.21%; Published: 2016-01-29; Updated: 2016-12-03
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
Max CVSS: 4.3; EPSS Score: 0.40%; Published: 2016-01-29; Updated: 2017-01-20
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
Max CVSS: 9.6; EPSS Score: 0.83%; Published: 2016-01-29; Updated: 2017-01-20
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.
Max CVSS: 9.3; EPSS Score: 4.73%; Published: 2008-03-10; Updated: 2017-08-08
16 vulnerabilities found