matroska 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk input validation、パス処理の欠陥, and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-52339 | In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows. | [email protected] | 6.5 | 0.46% | 2024-01-12 | 2025-11-04 |
| CVE-2021-3405 | A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. | [email protected] | 6.5 | 2.08% | 2021-02-23 | 2024-11-21 |
| CVE-2017-12803 | The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | [email protected] | 6.5 | 0.54% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12802 | The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | [email protected] | 6.5 | 0.68% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12801 | The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | [email protected] | 6.5 | 0.68% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12800 | The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | [email protected] | 6.5 | 0.68% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12783 | The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | [email protected] | 6.5 | 0.62% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12782 | The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | [email protected] | 6.5 | 0.62% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12781 | The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | [email protected] | 6.5 | 0.68% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12780 | The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | [email protected] | 6.5 | 0.68% | 2017-11-10 | 2026-05-13 |
| CVE-2017-12779 | The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | [email protected] | 6.5 | 0.46% | 2017-11-10 | 2026-05-13 |
| CVE-2015-8792 | The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. | [email protected] | 5.3 | 0.31% | 2016-01-29 | 2026-05-06 |
| CVE-2015-8791 | The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. | [email protected] | 4.3 | 0.34% | 2016-01-29 | 2026-05-06 |
| CVE-2015-8790 | The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access. | [email protected] | 4.3 | 0.54% | 2016-01-29 | 2026-05-06 |
| CVE-2015-8789 | Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. | [email protected] | 9.6 | 0.36% | 2016-01-29 | 2026-05-06 |
| CVE-2008-1161 | Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes. | [email protected] | 9.3 | 8.93% | 2008-03-10 | 2026-04-23 |