SB2016022215 - Fedora EPEL 6 update for libebml

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016022215

SB2016022215 - Fedora EPEL 6 update for libebml

Published: February 22, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016022215
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2015-8789)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. <a href="http://cwe.mitre.org/data/definitions/416. A context-dependent attackers can have unspecified impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


2) Information disclosure (CVE-ID: CVE-2015-8790)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.


3) Information disclosure (CVE-ID: CVE-2015-8791)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.


Remediation

Install update from vendor's website.

References