Vulnerability Details : CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
Vulnerability category: Information leak
Products affected by CVE-2015-8790
- cpe:2.3:a:matroska:libebml:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8790
0.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8790
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2015-8790
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8790
-
http://www.securityfocus.com/bid/85307
RETIRED: Matroska libEBML CVE-2015-8790 Information Disclosure Vulnerability
-
http://www.talosintelligence.com/reports/TALOS-2016-0036/
TALOS-2016-0036 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
-
https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
EbmlUnicodeString: don't read beyond end of string · Matroska-Org/libebml@ababb64 · GitHub
-
http://www.debian.org/security/2016/dsa-3538
Debian -- Security Information -- DSA-3538-1 libebml
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html
openSUSE-SU-2016:0125-1: moderate: Security update for libebml, libmatro
-
https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
libebml/ChangeLog at release-1.3.3 · Matroska-Org/libebml · GitHubVendor Advisory
-
http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
[Matroska-users] libEBML v1.3.3, libMatroska v1.4.4 released: important fixesVendor Advisory
-
http://www.securityfocus.com/bid/95124
Matroska libEBML CVE-2016-1514 Information Disclosure Vulnerability
Jump to