CVE-2015-8790

Published: Jan 29, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.

Affected (1)

Products: Matroska: Libebml

Matroska

1 product

Libebml

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matroska Libebml	Up to 1.3.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3538

Source: cve@mitre.org

http://www.securityfocus.com/bid/85307

Source: cve@mitre.org

http://www.securityfocus.com/bid/95124

Source: cve@mitre.org

http://www.talosintelligence.com/reports/TALOS-2016-0036/

Source: cve@mitre.org

https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog

Source: cve@mitre.org

Vendor Advisory

https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b

Source: cve@mitre.org

http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html