Fedora EPEL 7 update for mkvtoolnix

1) Use-after-free error

EUVDB-ID: #VU15553

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-4022

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code with elevated privileges.

The weakness exists in the MKVToolNix mkvinfo tool due to use-after-free error when handling of the MKV (Matroska video) file format. 
While reading a new element, the mkvinfo parser attempts to validate the current element by checking if it has a particular valid value. If there is no such value, the parser deletes the element since the read was invalid. However, even if the element is deleted, the value is passed back to the calling function via a variable, but there is no validation, even if this element is valid and was not freed before. A remote attacker can trick the victim into opening a specially crafted file .mkv file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

mkvtoolnix: before 28.2.0-1.el7

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mkvtoolnix:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-cbfa290941

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.