[3.2] libmatroska: Out-of-bounds heap read in KaxInternalBlock::ReadData() (CVE-2015-8792)
KaxInternalBlock::ReadData(): Fixed an invalid memory access. When
reading a block group or a simple block that uses EBML
lacing the frame sizes indicated in the lacing weren’t checked against
the available number of bytes. If the indicated frame size
was bigger than the whole block’s size the parser would read beyond the
end of the buffer resulting in a heap information leak.
Fixed In Version:
libmatroska 1.4.4
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8792
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8792
Patch:
https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
(from redmine: issue id 5405, created on 2016-04-12, closed on 2016-04-25)
- Relations:
- parent #5403 (closed)
- Changesets:
- Revision 52735339 on 2016-04-19T14:45:56Z:
main/libmatroska: security upgrade to 1.4.4 (CVE-2015-8792). Fixes #5405