Code Execution Vulnerability Patched in Cross-Platform MKVToolNix Toolset

Unpatched versions of MKVToolNix would allow attackers to use a maliciously crafted Matroska file to trigger a vulnerability which leads to arbitrary code execution on the host machine using the current user's privileges.

The security issue was found by Cisco Talos Intelligence Group's Piotr Bania, Cory Duplantis, and Martin Zeiser in the MKVToolNix mkvinfo tool designed to parse information from loaded Matroska (.mkv) video files.

MKVToolNix is a multi-platform collection of tools designed to help create, alter and inspect Matroska multimedia files on computers running Linux, macOS, and Windows.

Moreover, Matroska is "an extensible, open source, open standard Multimedia container. Matroska is usually found as .MKV files (matroska video), .MKA files (matroska audio) and .MKS files (subtitles) and .MK3D files (stereoscop... (read more)

No comments:

Post a Comment