[Matroska-users] MKVToolNix v9.4.2 released

Moritz Bunkus moritz at bunkus.org
Sun Sep 11 14:42:18 CEST 2016


Hey,

unfortunately the just-released v9.4.2 contained a nasty regression in
both the AVC and HEVC readers. I'm therefore releasing v9.4.2 mere
hours after v9.4.1. The only difference is the fix to the
aforementioned regression. I'm including the whole announcement for
v9.4.1 below.

Somewhat unscheduled I'm releasing v9.4.1. It fixes several errors in
mkvmerge, most of which are exploitable via specially crafted
file. They were found by fuzzing done by Justin Smith.

Nothing's been changed regarding the packagin since v9.4.0.

Here are the usual links:

…to the source code: http://mkvtoolnix.download/source.html
…to the binaries: http://mkvtoolnix.download/downloads.html

The Windows and Mac OS binaries are available. Most of the Linux
binaries are still being built and will be available in a couple of
hours.

Here's the full ChangeLog since v9.4.0

----------------------------------------------------------------------
2016-09-11  Moritz Bunkus  <moritz at bunkus.org>

        * Released v9.4.2 "So High".

        * mkvmerge: bug fix: AVC & HEVC readers: release v9.4.1 contains a
        change to both readers so that they will refuse to handle files
        where the detected pixel width or height is equal to or less than
        0. This check was wrong in certain cases causing mkvmerge to
        reject a file as an unsupported file type. This has been fixed
        while keeping the constraints on width & height having to be
        positive.

        * Released v9.4.1 "Black Rain".

2016-09-07  Moritz Bunkus  <moritz at bunkus.org>

        * Note: most of the bugs fixed on 2016-09-06 and 2016-09-07 for
        issue #1780 are potentially exploitable. The scenario is arbitrary
        code execution with specially-crafted files. Updating is highly
        recommended.

        * mkvmerge: bug fix: AVC & HEVC readers: the readers will now
        refuse to handle files where the detected pixel width or height is
        equal to or less than 0. Before this fix the muxing process
        aborted with an assertion inside libMatroska. Fixes the last test
        case of #1780.

        * mkvmerge: bug fix: HEVC parser: fixed another invalid memory
        access (beyond the end of allocated space). Fixes two test cases
        of #1780.

2016-09-06  Moritz Bunkus  <moritz at bunkus.org>

        * mkvmerge: bug fix: HEVC parser: fixed another invalid memory
        access (beyond the end of a fixed-size array). Fixes several test
        cases of #1780.

        * mkvmerge: bug fix: MP4 reader: an error message will be printed
        instead of an uncaught exception when an invalid atom chunk size
        is encountered during resync. Fixes a test case of #1780.

        * mkvmerge: bug fix: AAC reader: fixed mkvmerge throwing an
        uncaught exception due to the sample rate being 0. Fixes a test
        case of #1780.

        * mkvmerge: bug fix: MP4 reader: fixed an invalid memory access
        (beyond the end of allocated space). Fixes several test cases of
        #1780.

        * mkvmerge: bug fix: HEVC parser: fixed an invalid memory access
        (beyond the end of allocated space). Fixes several test cases of
        #1780.

        * mkvmerge: bug fix: fixed an invalid memory access (use after
        free) during global destruction phase. Fixes several test cases of
        #1780.

2016-09-02  Moritz Bunkus  <moritz at bunkus.org>

        * mkvmerge: bug fix: using very large --sync values (several
        minutes) with certain container formats was causing mkvmerge to
        abort muxing. Fixes #1774.
----------------------------------------------------------------------

Kind regards,
mosu


More information about the Matroska-users mailing list