Use-After-Free Vulnerability in MKVToolNix MKVINFO v25.0.0 Allows Arbitrary Code Execution

Use-After-Free Vulnerability in MKVToolNix MKVINFO v25.0.0 Allows Arbitrary Code Execution

CVE-2018-4022 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.

Learn more about our User Device Pen Test.