Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
AnalysisAI
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size". Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. Affected products include: Matroska Libebml. Version information: before 1.3.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. Rated medium severi
A flaw was found in libebml before 1.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sens
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensit
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today