Debian Security Advisory
DLA-438-1 libebml -- LTS security update
- Date Reported: 28 Feb 2016
- Affected Packages: libebml
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2015-8790, CVE-2015-8791.
- More information:
Two security-related issues were fixed in libebml, a library for accessing the EBML format:
- CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
- CVE-2015-8791
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.
For Debian 6 squeeze, these issues have been fixed in libebml version 0.7.7-3.1+deb6u1. We recommend that you upgrade your libebml packages.