CVE-2015-8789

CRITICAL9.6EPSS 0.38%

libebml - security update

Published: 1/29/2016Modified: 3/9/2026

Also known as:DSA-3538-1DEBIAN-CVE-2015-8789

Description

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.

Affected packages (2)

Debian/libebmlfrom 0, < 1.3.3-1
Debian/libebmlfrom 0, < 1.2.2-2+deb7u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-8789