Bug 2258046 (CVE-2023-52339) - CVE-2023-52339 libebml: integer overflow in MemIOCallback::read
Summary: CVE-2023-52339 libebml: integer overflow in MemIOCallback::read
Keywords:
Status: NEW
Alias: CVE-2023-52339
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2023-7217
Depends On: 2258047 2258048
Blocks:
 
Reported: 2024-01-12 11:34 UTC by TEJ RATHI
Modified: 2024-02-16 12:56 UTC

Fixed In Version: libebml 1.4.5
Doc Type: ---
Doc Text:
An integer overflow vulnerability was found in libebml, specifically in the MemIOCallback::read function within MemIOCallback.cpp. This flaw can lead to buffer overflows during read or write operations, resulting in invalid memory access and potential exploitation by an attacker. The absence of an integer overflow check may allow malicious actors to read beyond allocated memory, posing a risk of unauthorized access and potential compromise of the system.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description TEJ RATHI 2024-01-12 11:34:36 UTC
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.

https://github.com/Matroska-Org/libebml/blob/v1.x/NEWS.md
https://github.com/Matroska-Org/libebml/compare/release-1.4.4...release-1.4.5
https://github.com/Matroska-Org/libebml/issues/147
https://github.com/Matroska-Org/libebml/pull/148
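
Added example, not part of the bug report and not libebml's source: a minimal memory-backed reader showing how a `pos + size` bounds check wraps around and how comparing against the remaining bytes avoids it. `MemReader`, its members and the sample buffer are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical stand-in for a memory-backed I/O callback (not libebml code).
struct MemReader {
    const uint8_t *data;  // backing buffer
    size_t total;         // number of valid bytes in data
    size_t pos;           // current read offset; invariant: pos <= total

    // Unchecked pattern: pos + size can wrap past SIZE_MAX, so the sum looks
    // small and an oversized request is treated as in-bounds.
    bool naive_in_bounds(size_t size) const { return pos + size <= total; }

    // Overflow-safe form: subtract instead of add. total - pos cannot wrap
    // while pos <= total holds.
    bool safe_in_bounds(size_t size) const {
        return pos <= total && size <= total - pos;
    }

    // Read clamped to the remaining bytes; returns the number of bytes copied.
    size_t read(void *out, size_t size) {
        if (out == nullptr || size == 0 || pos > total) return 0;
        size_t remaining = total - pos;
        size_t n = size < remaining ? size : remaining;
        std::memcpy(out, data + pos, n);
        pos += n;
        return n;
    }
};

// Constructed sample: 8-byte buffer, offset 4, request size chosen to wrap.
static const uint8_t kSample[8] = {1, 2, 3, 4, 5, 6, 7, 8};
static const size_t kWrappingSize = SIZE_MAX - 1;

bool demo_naive_accepts_wrapping_size() {
    MemReader r{kSample, sizeof kSample, 4};
    return r.naive_in_bounds(kWrappingSize);  // 4 + (SIZE_MAX - 1) wraps to 2
}

bool demo_safe_rejects_wrapping_size() {
    MemReader r{kSample, sizeof kSample, 4};
    return !r.safe_in_bounds(kWrappingSize);
}

size_t demo_clamped_read() {
    MemReader r{kSample, sizeof kSample, 4};
    uint8_t out[16] = {0};
    return r.read(out, kWrappingSize);  // only the 4 remaining bytes are copied
}
```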

Comment 1 TEJ RATHI 2024-01-12 11:35:03 UTC
Created libebml tracking bugs for this issue:

Affects: epel-all [bug 2258048]
Affects: fedora-all [bug 2258047]

Comment 2 Marian Rehak 2024-02-16 12:56:07 UTC
*** Bug 2256953 has been marked as a duplicate of this bug. ***

