Debian 9859 Published by

Updated libmatroska packages has been released for Debian 6 LTS



Package : libmatroska
Version : 0.8.1-1.1+deb6u1
CVE ID : CVE-2014-9765

It was discovered that there was a invalid memory address issue
in libmatroska, an extensible open standard audio/video container
format.

When reading a block group or a simple block that uses EBML
lacing the frame sizes indicated in the lacing weren't checked
against the available number of bytes. If the indicated frame
size was bigger than the whole block's size the parser would read
beyond the end of the buffer resulting in a heap information
leak.

For Debian 6 Squeeze, this issue has been fixed in libmatroska
version 0.8.1-1.1+deb6u1.