steven36 Posted October 26, 2018

Vulnerability Spotlight: Talos-2018-0694 - MKVToolNix mkvinfo read_one_element Code Execution Vulnerability

Piotr Bania, Cory Duplantis and Martin Zeiser of Cisco Talos discovered this vulnerability.

Overview

Today, Cisco Talos is disclosing a vulnerability that we identified in the MKVToolNix mkvinfo utility, which parses Matroska video files (.mkv files). MKVToolNix is a set of tools to create, alter and inspect Matroska files on Linux, Windows and other operating systems. Matroska is a file format for storing common multimedia content, like movies or TV shows, with implementations consisting mostly of open-source software. Matroska file extensions are MKV for video, MK3D for stereoscopic video, MKA for audio-only files and MKS for subtitle-only files.

MKV files are multimedia container formats. An MKV container can incorporate audio, video and subtitles into a single file, even if those elements use different types of encoding. For example, you could have an MKV file that contains H.264 video and MP3 or AAC audio.

Vulnerability details

TALOS-2018-0694 (CVE-2018-4022) is a use-after-free vulnerability that exists in the MKVToolNix mkvinfo tool and its handling of the MKV (Matroska video) file format.
An attacker may be able to create a malicious MKV file that would trigger the vulnerability and allow the attacker to execute code in the context of the current user.

While reading a new element, the mkvinfo parser attempts to validate the current element by checking whether it has a particular valid value. If there is no such value, the parser deletes the element, since the read was invalid. However, even though the element has been deleted, its pointer is still passed back to the calling function through a variable, and the caller does not check whether the element is valid or whether it has already been freed. It is possible to forge a file so that the vulnerable function frees an element and a later delete operation on the same element triggers the use-after-free.

Affected version

The vulnerability is confirmed in the 64-bit version 25.0.0 of the mkvinfo tool, but it may also be present in earlier versions. Users are advised to update their MKVToolNix toolset to version 28.2.0 or later.
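The ownership contract described above, reduced to a small C++ model as an added example that is not MKVToolNix's code: the flawed version frees an invalid element but still returns its pointer, so the caller's own delete becomes a second free, while the fixed version returns ownership explicitly and yields null on an invalid read. The names `Element`, `Tracker`, `read_one_element_flawed` and `read_one_element_fixed` are assumptions, and a lifetime tracker stands in for a real delete so the flawed flow can be run without undefined behaviour.

```cpp
#include <cstdint>
#include <memory>
#include <set>

// Constructed model, not MKVToolNix code: an EBML-style element whose
// 'valid' flag stands in for the "particular valid value" check.
struct Element {
  uint32_t id;
  bool valid;
};

// Lifetime tracker used instead of a real delete so the flawed control flow
// can be exercised without undefined behaviour: a second free is reported.
struct Tracker {
  std::set<Element*> freed;
  bool free(Element* e) { return freed.insert(e).second; }  // false = double free
};

// Flawed contract as the advisory describes it: an invalid element is freed
// by the callee, yet the now-dangling pointer is still handed to the caller.
Element* read_one_element_flawed(Element* e, Tracker& t) {
  if (!e->valid) t.free(e);  // deleted because the read was invalid...
  return e;                  // ...but returned anyway; the caller cannot tell
}

// Fixed contract: ownership is explicit. An invalid read yields null, so the
// caller has nothing to delete and no dangling pointer escapes the callee.
std::unique_ptr<Element> read_one_element_fixed(std::unique_ptr<Element> e) {
  if (!e->valid) return nullptr;  // unique_ptr frees it exactly once, here
  return e;
}

// Caller pattern in which the bug surfaces: the caller deletes whatever it
// receives, which in the flawed version is the already-freed element.
bool caller_double_frees_flawed() {
  Tracker t;
  Element storage{0x1A45DFA3, false};  // constructed invalid element
  Element* r = read_one_element_flawed(&storage, t);
  return !t.free(r);  // true: the caller's delete is a second free
}

bool caller_safe_fixed() {
  auto r = read_one_element_fixed(std::make_unique<Element>(Element{0x1A45DFA3, false}));
  return r == nullptr;  // nothing to delete; use-after-free impossible
}

bool caller_valid_element_kept() {
  auto r = read_one_element_fixed(std::make_unique<Element>(Element{0x1A45DFA3, true}));
  return r != nullptr && r->valid;  // valid elements pass through untouched
}
```

Compiling the real parser with AddressSanitizer would report the flawed flow as a double-free at the caller's delete; the model's tracker reports the same condition without corrupting the heap.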