[3.3] libmatroska: Out-of-bounds heap read in KaxInternalBlock::ReadData() (CVE-2015-8792)
KaxInternalBlock::ReadData(): Fixed an invalid memory access. When
reading a block group or a simple block that uses EBML lacing, the
frame sizes indicated in the lacing weren’t checked against the
available number of bytes. If the indicated frame size was bigger than
the whole block’s size, the parser would read beyond the end of the
buffer, resulting in a heap information leak.
Fixed In Version:
libmatroska 1.4.4
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8792
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8792
Patch:
https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
(from redmine: issue id 5404, created on 2016-04-12, closed on 2016-04-25)
- Relations:
  - parent #5403 (closed)
- Changesets:
  - Revision f96b4ceb by Timo Teräs on 2016-04-18T15:08:02Z:
    main/libebml: upgrade to 1.3.3
    ref #5404
    (cherry picked from commit eba7d422bfdc722b02d68672186dc00450a7023a)
  - Revision f59a1f02 by Timo Teräs on 2016-04-18T15:10:58Z:
    main/libmatroska: sec upgrade to 1.4.4 (CVE-2015-8792)
    fixes #5404
    (cherry picked from commit 19e60f13ef015dfb3f0e5d705b0626e4b24df886)
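
The bounds check whose absence the description above reports, as an added C++ example (not libmatroska's code and not the upstream patch): a stand-alone parser for an EBML lacing header that rejects any frame size larger than the bytes left in the block. The function names, the assumption that the caller has already consumed the block header, and the sample byte arrays are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Read one EBML variable-length integer at buf[pos]; false if malformed or truncated.
static bool read_vint(const uint8_t *buf, size_t len, size_t &pos,
                      uint64_t &value, int &width) {
    if (pos >= len || buf[pos] == 0) return false;   // no length marker in first byte
    width = 1;
    for (uint8_t mask = 0x80; !(buf[pos] & mask); mask >>= 1) ++width;
    if (len - pos < static_cast<size_t>(width)) return false;
    value = buf[pos] & (0xFFu >> width);              // strip the length marker
    for (int i = 1; i < width; ++i) value = (value << 8) | buf[pos + i];
    pos += width;
    return true;
}

// Assumption: `data` starts at the lace frame-count byte (block header already
// consumed). Fills `sizes` and returns true only if every frame fits in `len` bytes.
bool parse_ebml_lace_sizes(const uint8_t *data, size_t len,
                           std::vector<uint64_t> &sizes) {
    sizes.clear();
    if (len == 0) return false;
    size_t pos = 0;
    const size_t frames = static_cast<size_t>(data[pos++]) + 1;  // stored as count - 1
    uint64_t size = 0, total = 0;
    for (size_t i = 0; i + 1 < frames; ++i) {
        uint64_t raw = 0; int width = 0;
        if (!read_vint(data, len, pos, raw, width)) return false;
        int64_t delta = static_cast<int64_t>(raw);                // first size is absolute
        if (i > 0) delta -= (int64_t{1} << (7 * width - 1)) - 1;  // later ones: biased deltas
        if (delta < 0 && static_cast<uint64_t>(-delta) > size) return false;
        size += static_cast<uint64_t>(delta);
        const size_t remain = len - pos;              // bytes left after the header so far
        if (total > remain || size > remain - total) return false;  // size vs. available bytes
        total += size;
        sizes.push_back(size);
    }
    sizes.push_back(len - pos - total);               // last frame takes what is left
    return true;
}

int main() {
    const uint8_t ok[] = {0x02, 0x84, 0xBE, 1, 2, 3, 4, 5, 6, 7, 8, 9};  // constructed: 4, 3, 2
    const uint8_t bad[] = {0x01, 0xC0, 1, 2, 3, 4};  // constructed: claims 64 bytes, has 4
    std::vector<uint64_t> s;
    return (parse_ebml_lace_sizes(ok, sizeof ok, s) && !parse_ebml_lace_sizes(bad, sizeof bad, s)) ? 0 : 1;
}
```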