Vulnerability Spotlight: Talos-2018-0694 – MKVToolNix mkvinfo read_one_element Code Execution Vulnerability
Piotr Bania, Cory Duplantis and Martin Zeiser of Cisco Talos discovered this vulnerability.
Today, Cisco Talos is disclosing a vulnerability that we identified in the MKVToolNix mkvinfo utility that parses the Matroska file format video files (.mkv files).
MKVToolNix is a set of tools to create, alter and inspect Matroska files on Linux, Windows and other operating systems.
Matroska is a file format for storing common multimedia content, like movies or TV shows, with implementations consisting of mostly of open-source software. Matroska file extensions are MKV for video, MK3D for stereoscopic video, MKA for audio-only files and MKS for subtitle-only files.