[Matroska-devel] libEBML v1.4.1 released

Moritz Bunkus mo at bunkus.online
Mon Jan 4 15:38:10 CET 2021


Hey,

here's a new releases of libEBML, v1.4.1. It fixes an issue when
encountering certain types of invalid data; libEBML might return a pointer
to memory that has just been freed, leading to potential use-after-free
errors.

Here are the download link & ChangeLog entries:

https://dl.matroska.org/downloads/libebml/libebml-1.4.1.tar.xz
https://dl.matroska.org/downloads/libebml/libebml-1.4.1.tar.xz.sha512.txt

ChangeLog:

------------------------------------------------------------
2021-01-04  Moritz Bunkus  <mo at bunkus.online>

        * Release v1.4.1.

2021-01-02  Moritz Bunkus  <mo at bunkus.online>

        * Fixed a case EbmlMaster::Read where the element returned via
        UpperEltFound and FountElt points to a just-deleted element,
        causing callers to think the memory returned is valid, potentially
        leading to use-after-free/double-free errors. This can happen if
        the specific element's Read function throws an exception when
        encountering certain invalid data constellations.
------------------------------------------------------------

Have fun :)

mosu


More information about the Matroska-devel mailing list