A heap-based buffer overflow in libeml might allow attackers to execute arbitrary code.
Package | dev-libs/libebml on the arm ppc sparc x86 architecture |
---|---|
Affected versions | < 1.4.2 |
Unaffected versions | >= 1.4.2 |
libebml is a C++ library to parse EBML files.
On 32bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow.
An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.
There is no known workaround at this time.
Users of libebml on 32 bit architectures should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libebml-1.4.2"
Release date
August 14, 2022
Latest revision
August 14, 2022: 1
Severity
high
Exploitable
remote
Bugzilla entries