libebml is vulnerable to denial of service. A heap overflow bug exists in the implementation of EbmlString::ReadData
and EbmlUnicodeString::ReadData
.
github.com/Matroska-Org/libebml/issues/74
lists.debian.org/debian-lts-announce/2021/04/msg00016.html
lists.fedoraproject.org/archives/list/[email protected]/message/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/
lists.fedoraproject.org/archives/list/[email protected]/message/UHIIMWZKHHELFF4NRDMOOCS3HKK3K4DF/
lists.fedoraproject.org/archives/list/[email protected]/message/YY7R2JZRO5I6WS62KTJFTZGKYELVFTVB/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml