
[SECURITY] [DLA 420-1] libmatroska security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libmatroska
Version        : 0.8.1-1.1+deb6u1
CVE ID         : CVE-2014-9765

It was discovered that there was an invalid memory address issue
in libmatroska, an extensible open standard audio/video container
format.

When reading a block group or a simple block that uses EBML
lacing, the frame sizes indicated in the lacing weren't checked
against the available number of bytes. If the indicated frame
size was bigger than the whole block's size, the parser would read
beyond the end of the buffer, resulting in a heap information
leak.

For Debian 6 Squeeze, this issue has been fixed in libmatroska
version 0.8.1-1.1+deb6u1.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
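
The bounds check the advisory describes, as an added example that is not part of the advisory and not libmatroska's code: a small C parser for an EBML-laced block payload that rejects any frame size larger than the bytes still available. The function names, the 2 GiB payload limit, the assumption that the payload starts at the lace-count byte, and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Decode one EBML variable-length integer. Returns bytes consumed, 0 on error. */
static size_t read_vint(const uint8_t *p, size_t avail, uint64_t *out)
{
    if (avail == 0 || p[0] == 0)
        return 0;
    size_t n = 1;
    for (uint8_t mask = 0x80; !(p[0] & mask); mask >>= 1)
        n++;                              /* leading zero bits give the length */
    if (n > avail)
        return 0;
    uint64_t v = p[0] & (0xFFu >> n);     /* strip the length marker bit */
    for (size_t i = 1; i < n; i++)
        v = (v << 8) | p[i];
    *out = v;
    return n;
}

/* buf/len: block payload starting at the lace-count byte (assumed framing).
 * Fills sizes[] and returns the frame count, or -1 if a size cannot fit. */
int parse_ebml_lacing(const uint8_t *buf, size_t len, size_t *sizes, size_t max)
{
    if (len < 1 || len > 0x7FFFFFFF)
        return -1;
    size_t count = (size_t)buf[0] + 1, pos = 1, total = 0;
    if (count > max)
        return -1;
    int64_t cur = 0;
    for (size_t i = 0; i + 1 < count; i++) {
        uint64_t raw;
        /* size fields and already-claimed frame bytes share one buffer */
        size_t n = read_vint(buf + pos, len - pos - total, &raw);
        if (n == 0)
            return -1;
        pos += n;
        /* first size is absolute; later ones are biased signed deltas */
        cur = (i == 0) ? (int64_t)raw
                       : cur + (int64_t)raw - (((int64_t)1 << (7 * n - 1)) - 1);
        if (cur < 0 || (uint64_t)cur > len - pos - total)
            return -1;                    /* the check: size vs. bytes left */
        sizes[i] = (size_t)cur;
        total += (size_t)cur;
    }
    sizes[count - 1] = len - pos - total; /* last frame takes the remainder */
    return (int)count;
}
/* Constructed samples: 3 frames of 4, 3, 2 bytes; then a lace claiming 255 of 4. */
static const uint8_t GOOD_BLOCK[] = {0x02, 0x84, 0xBE, 1,1,1,1, 2,2,2, 3,3};
static const uint8_t BAD_BLOCK[]  = {0x01, 0x40, 0xFF, 9,9,9,9};
```

Without the comparison against `len - pos - total`, the second sample would hand the caller a 255-byte frame inside a 7-byte payload, which is the out-of-bounds read the advisory reports.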

