Cisco Blogs

Vulnerability Spotlight: Talos-2018-0694 – MKVToolNix mkvinfo read_one_element Code Execution Vulnerability

October 26, 2018 - 0 Comments

Piotr Bania, Cory Duplantis and Martin Zeiser of Cisco Talos discovered this vulnerability.

Today, Cisco Talos is disclosing a vulnerability that we identified in the MKVToolNix mkvinfo utility that parses the Matroska file format video files (.mkv files).

MKVToolNix is a set of tools to create, alter and inspect Matroska files on Linux, Windows and other operating systems.

Matroska is a file format for storing common multimedia content, like movies or TV shows, with implementations consisting of mostly of open-source software. Matroska file extensions are MKV for video, MK3D for stereoscopic video, MKA for audio-only files and MKS for subtitle-only files.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.