Code Execution Vulnerability Patched in Cross-Platform MKVToolNix Toolset

The use-after-free bug was found in the mkvinfo utility


26th October 2018, By Sergiu Gatlan


Unpatched versions of MKVToolNix would allow attackers to use a maliciously crafted Matroska file to trigger a vulnerability which leads to arbitrary code execution on the host machine using the current user’s privileges.


The security issue was found by Cisco Talos Intelligence Group’s Piotr Bania, Cory Duplantis, and Martin Zeiser in the MKVToolNix mkvinfo tool designed to parse information from loaded Matroska (.mkv) video files.


Full Article.

Take a look at the best antivirus, anti-malware, anti-spy, etc. software