libebml: multiple vulnerabilities
| Package(s): | libebml | CVE #(s): | |||||||||
| Created: | November 6, 2015 | Updated: | January 15, 2016 | ||||||||
| Description: | From the Mageia advisory: In EbmlMaster::Read() in libebml before 1.3.3, when the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting in memory access after freeing it and multiple attempts to free the same memory address during destruction (TALOS-CAN-0037). In EbmlUnicodeString::UpdateFromUTF8() in libebml before 1.3.3, when reading from a UTF-8 string in which the length indicated by a UTF-8 character's first byte exceeds the string's actual number of bytes the parser would access beyond the end of the string resulting in a heap information leak (TALOS-CAN-0036). | ||||||||||
| Alerts: |
| ||||||||||