VYPR
Unrated severity · NVD Advisory · Published Jul 16, 2019 · Updated Aug 4, 2024

CVE-2019-13615

Description

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap-based buffer over-read in libebml before 1.3.6, used in VLC before 3.0.3, allows denial of service via crafted media files.

Vulnerability

A heap-based buffer over-read exists in the EbmlElement::FindNextElement function of libebml versions before 1.3.6. This library is used by the MKV module in VideoLAN VLC Media Player binaries before 3.0.3. The vulnerability occurs when parsing specially crafted EBML data, where the code fails to properly check the maximum data size before reading, leading to an out-of-bounds read. [1][2][4]
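
The missing check described above comes down to validating every length against the bytes actually held before reading. The following is an added illustration of that defensive pattern for an EBML element header (variable-length ID, then variable-length size); it is not libebml's or VLC's code, and the names `ebml_read_vint`, `ebml_next_element`, `ebml_header` and `SAMPLE` are hypothetical. It assumes the whole input is in one buffer and rejects the reserved "unknown size" value rather than handling it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t id; uint64_t size; size_t header_len; } ebml_header;

/* Decode one EBML variable-length integer from buf[0..avail).
 * Returns bytes consumed, or 0 if malformed or longer than avail. */
static size_t ebml_read_vint(const uint8_t *buf, size_t avail, size_t max_len,
                             int keep_marker, uint64_t *out)
{
    if (avail == 0) return 0;                   /* nothing left to read */
    uint8_t first = buf[0], mask = 0x80;
    size_t len = 1;
    while (len <= max_len && !(first & mask)) { mask >>= 1; len++; }
    if (len > max_len || len > avail) return 0; /* check before touching buf[1..] */
    uint64_t v = keep_marker ? first : (uint64_t)(first & (mask - 1));
    for (size_t i = 1; i < len; i++) v = (v << 8) | buf[i];
    *out = v;
    return len;
}

/* Parse an element header; 0 on success, -1 if the header or the declared
 * payload would extend past the avail bytes the caller actually holds. */
int ebml_next_element(const uint8_t *buf, size_t avail, ebml_header *h)
{
    uint64_t id, size;
    size_t n_id = ebml_read_vint(buf, avail, 4, 1, &id);   /* IDs: 1..4 bytes */
    if (n_id == 0) return -1;
    size_t n_sz = ebml_read_vint(buf + n_id, avail - n_id, 8, 0, &size);
    if (n_sz == 0) return -1;
    if (size == (UINT64_C(1) << (7 * n_sz)) - 1) return -1; /* "unknown size": rejected here */
    if (size > avail - n_id - n_sz) return -1;  /* declared payload overruns buffer */
    h->id = (uint32_t)id; h->size = size; h->header_len = n_id + n_sz;
    return 0;
}

/* Constructed sample: EBML header ID 0x1A45DFA3, size 4, 4 payload bytes. */
static const uint8_t SAMPLE[] = {0x1A,0x45,0xDF,0xA3, 0x84, 0x42,0x86,0x81,0x01};

int main(void)
{
    ebml_header h;
    printf("full: %d\n", ebml_next_element(SAMPLE, sizeof SAMPLE, &h));
    printf("truncated payload: %d\n", ebml_next_element(SAMPLE, 7, &h));
    printf("truncated id: %d\n", ebml_next_element(SAMPLE, 3, &h));
    return 0;
}
```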

Exploitation

An attacker can exploit this vulnerability by crafting a malicious media file that triggers the over-read when a user opens it in an affected application. No authentication or special network position is required; the attack relies on user interaction (opening the file). The over-read can cause the application to read beyond the allocated heap buffer, potentially leading to a crash. [2]

Impact

Successful exploitation results in a denial of service (DoS) due to application crash. The referenced sources do not indicate that code execution is achievable; the primary impact is a crash. [2]

Mitigation

The issue is fixed in libebml version 1.3.6, released on July 16, 2019, and in VLC Media Player version 3.0.3. Ubuntu released security updates for libebml (USN-4073-1) on July 25, 2019. Users should update to the patched versions. [1][2][4]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • VideoLAN/VLC Media Player

Patches

0

No patches discovered yet.

References

6