Matroska

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-52339 1Matroska 1Libebml Nov 4, 2025 Jan 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.
CVE-2021-3405 3Debian FedoraprojectMatroska 3Debian Linux FedoraLibebml Nov 21, 2024 Feb 23, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.
CVE-2017-12803 1Matroska 1Mkclean May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12802 1Matroska 3Libebml2 MkcleanMkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12801 1Matroska 3Libebml2 MkcleanMkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12800 1Matroska 3Libebml2 MkcleanMkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
CVE-2017-12783 1Matroska 3Libebml2 MkcleanMkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12782 1Matroska 3Libebml2 MkcleanMkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12781 1Matroska 3Libebml2 MkcleanMkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
CVE-2017-12780 1Matroska 3Libebml2 MkcleanMkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.
CVE-2017-12779 1Matroska 1Mkvalidator May 13, 2026 Nov 10, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
CVE-2015-8792 2Matroska Opensuse 3Leap LibmatroskaOpensuse May 6, 2026 Jan 29, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory ac...Show more The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.Show less
CVE-2015-8791 1Matroska 1Libebml May 6, 2026 Jan 29, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an...Show more The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.Show less
CVE-2015-8790 1Matroska 1Libebml May 6, 2026 Jan 29, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid mem...Show more The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.Show less
CVE-2015-8789 1Matroska 1Libebml May 6, 2026 Jan 29, 2016 N/A· v4 9.6 CRITICAL· v3 9.3 HIGH· v2 Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another ele...Show more Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.Show less
CVE-2008-1161 1Matroska 1Demuxer Apr 23, 2026 Mar 10, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with in...Show more Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.Show less