SB2018103122 - Fedora 27 update for mkvtoolnix
Published: October 31, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018103122
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free error (CVE-ID: CVE-2018-4022)
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code with elevated privileges.The weakness exists in the MKVToolNix mkvinfo tool due to use-after-free error when handling of the MKV (Matroska video) file format.
While reading a new element, the mkvinfo parser attempts to validate the current element by checking if it has a particular valid value. If there is no such value, the parser deletes the element since the read was invalid. However, even if the element is deleted, the value is passed back to the calling function via a variable, but there is no validation, even if this element is valid and was not freed before. A remote attacker can trick the victim into opening a specially crafted file .mkv file, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.