[Matroska-devel] libEBML v1.4.2 & libMatroska v1.6.3 released

Moritz Bunkus mo at bunkus.online
Thu Feb 18 13:21:46 CET 2021


Hey,

there's a heap overflow bug in libEBML v1.4.1 (CVE-2021-3405) that has just
been fixed with the release of v1.4.2.

libMatroska v1.6.3 on the other hand is solely a feature enhancement.

Both libraries are API & ABI compatible with their previous releases.

Here are the download link & ChangeLog entries:

https://dl.matroska.org/downloads/libebml/libebml-1.4.2.tar.xz
https://dl.matroska.org/downloads/libebml/libebml-1.4.2.tar.xz.sha512.txt

https://dl.matroska.org/downloads/libmatroska/libmatroska-1.6.3.tar.xz
https://dl.matroska.org/downloads/libmatroska/libmatroska-1.6.3.tar.xz.sha512.txt

ChangeLog libEBML:

------------------------------------------------------------
2021-02-18  Moritz Bunkus  <mo at bunkus.online>

        * Release v1.4.2.

        * Fixed several heap overflow bugs in the `ReadData` functions of
        various data type classes. This fixes CVE-2021-3405.
------------------------------------------------------------

ChangeLog libMatroska:

------------------------------------------------------------
2021-02-18  Moritz Bunkus  <mo at bunkus.online>

        * Release v1.6.3.

        * libEBML v1.4.2 is now required.

        * Added classes for new track header elements:
        "KaxFlagHearingImpaired", "KaxFlagVisualImpaired",
        "KaxFlagTextDescriptions", "KaxFlagOriginal" and
        "KaxFlagCommentary".
------------------------------------------------------------

Have fun :)

mosu


More information about the Matroska-devel mailing list