CVE-2021-3405

Name
CVE-2021-3405
Description
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://github.com/Matroska-Org/libebml/issues/74
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YY7R2JZRO5I6WS62KTJFTZGKYELVFTVB/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHIIMWZKHHELFF4NRDMOOCS3HKK3K4DF/
MLIST https://lists.debian.org/debian-lts-announce/2021/04/msg00016.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:matroska:libebml:*:*:*:*:*:*:*:* libebml >= None < 1.4.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libebml edge-community 1.4.2-r0 Timo Teräs <timo.teras@iki.fi> fixed
libebml 3.13-community 1.4.2-r0 Timo Teräs <timo.teras@iki.fi> fixed
libebml 3.11-main 1.3.10-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable
libebml 3.10-main 1.3.9-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable
libebml 3.14-community 1.4.2-r0 Timo Teräs <timo.teras@iki.fi> fixed