564426 – (CVE-2015-8792) <media-libs/libmatroska-1.4.4: Out-of-bounds heap read in KaxInternalBlock::ReadData() (CVE-2015-8792)

Bug 564426 (CVE-2015-8792) - <media-libs/libmatroska-1.4.4: Out-of-bounds heap read in KaxInternalBlock::ReadData() (CVE-2015-8792)

Summary: <media-libs/libmatroska-1.4.4: Out-of-bounds heap read in KaxInternalBlock::R...

Status:	RESOLVED FIXED

Alias:	CVE-2015-8792

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2015-10-29 14:35 UTC by Agostino Sarubbo
Modified:	2016-06-30 09:23 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-10-29 14:35:44 UTC

From ${URL} :

KaxInternalBlock::ReadData(): Fixed an invalid memory access. When reading a block group or a 
simple block that uses EBML lacing the frame sizes indicated in the lacing weren't checked against 
the available number of bytes. If the indicated frame size was bigger than the whole block's size 
the parser would read beyond the end of the buffer resulting in a heap information leak.

Upstream patch:

https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Alexis Ballier gentoo-dev

2015-10-29 21:09:19 UTC

already fixed in 1.4.4 I think, which is good to go stable

Comment 2 Agostino Sarubbo gentoo-dev

2015-10-30 08:41:50 UTC

Arches, please test and mark stable:
=media-libs/libmatroska-1.4.4
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"

Comment 3 Agostino Sarubbo gentoo-dev

2015-10-30 08:45:15 UTC

amd64 stable

Comment 4 Agostino Sarubbo gentoo-dev

2015-10-30 08:45:54 UTC

x86 stable

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2015-10-31 06:34:36 UTC

Stable for PPC64.

Comment 6 Tobias Klausmann (RETIRED) gentoo-dev

2015-11-01 14:51:51 UTC

Stable on alpha.

Comment 7 Agostino Sarubbo gentoo-dev

2015-11-04 14:50:54 UTC

ppc stable

Comment 8 Agostino Sarubbo gentoo-dev

2015-11-05 11:01:57 UTC

sparc stable

Comment 9 Markus Meier gentoo-dev

2015-11-15 20:59:41 UTC

arm stable

Comment 10 Agostino Sarubbo gentoo-dev

2015-11-18 09:34:08 UTC

ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 11 Yury German Gentoo Infrastructure

2015-12-23 23:30:55 UTC

Arches, Thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).

Comment 12 Yury German Gentoo Infrastructure

2016-02-25 08:33:11 UTC

Maintainer(s), please drop the vulnerable version(s).

Comment 13 Yury German Gentoo Infrastructure

2016-04-28 05:11:24 UTC

Maintainer(s), please drop the vulnerable version(s).

Comment 14 GLSAMaker/CVETool Bot gentoo-dev

2016-06-30 09:16:21 UTC

CVE-2015-8792 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8792):
  The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows
  context-dependent attackers to obtain sensitive information from process
  heap memory via crafted EBML lacing, which triggers an invalid memory
  access.

Comment 15 Aaron Bauman (RETIRED) gentoo-dev

2016-06-30 09:23:42 UTC

Maintainer timeout.. cleanup complete:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14735d715a5a582e2723a810c371281e8dd085ff