CVE-2015-8791

Published: Jan 29, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.

Affected (1)

Products: Matroska: Libebml

Matroska

1 product

Libebml

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matroska Libebml	Up to 1.3.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3538

Source: cve@mitre.org

https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog

Source: cve@mitre.org

Vendor Advisory

https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90

Source: cve@mitre.org

http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html