The use-after-free bug was found in the mkvinfo utility

Oct 26, 2018 17:24 GMT

Unpatched versions of MKVToolNix would allow attackers to use a maliciously crafted Matroska file to trigger a vulnerability which leads to arbitrary code execution on the host machine using the current user's privileges.

The security issue was found by Cisco Talos Intelligence Group's Piotr Bania, Cory Duplantis, and Martin Zeiser in the MKVToolNix mkvinfo tool designed to parse information from loaded Matroska (.mkv) video files.

MKVToolNix is a multi-platform collection of tools designed to help create, alter and inspect Matroska multimedia files on computers running Linux, macOS, and Windows.

Matroska itself is described as "an extensible, open source, open standard Multimedia container. Matroska is usually found as .MKV files (matroska video), .MKA files (matroska audio) and .MKS files (subtitles) and .MK3D files (stereoscopic/3D video). It is also the basis for .webm (.WebM) files."

The developer of MKVToolNix patched the vulnerability on the same day he was informed of it, releasing version 28.2.0, aka "The Awakening"; October 25 was the date of both the security bug's disclosure to the developer and the patch.

Attackers could trigger the vulnerability using a specially crafted Matroska (.MKV) file

The CVE-2018-4022 use-after-free security issue affected MKVToolNix builds of all platforms, and it would allow potential attackers to execute code "in the context of the current user".

Bad actors could exploit the vulnerability by persuading the user to open a specially crafted MKV file with the MKVToolNix mkvinfo tool, which would trigger the use-after-free condition.

"While reading a new element, the mkvinfo parser attempts to validate the current element by checking if it has a particular valid value. If there is no such value, the parser deletes the element since the read was invalid," details Cisco Talos' advisory.

"However, even if the element is deleted, the value is passed back to the calling function via a variable, but there is no validation, even if this element is valid and was not freed before."
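The bug shape the advisory describes, as an added illustration in C that is not MKVToolNix's code and does not model its EbmlElement class: the vulnerable reader frees the element when validation fails yet still returns the pointer, while the hardened reader returns NULL so the caller is forced through a check. The `element_t` type, the "value of 0 is invalid" rule, and the sample values are all constructed for this example; the unsafe walker only counts the elements a real caller would have dereferenced so the program runs without touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a parsed container element (not MKVToolNix's
   EbmlElement). A value of 0 is treated as "no valid value" so that the
   invalid-read path described in the advisory can be exercised. */
typedef struct {
    unsigned id;
    long value;
} element_t;

static int element_is_valid(const element_t *e) { return e->value != 0; }

/* Vulnerable shape: validation fails, the element is deleted, and yet the
   pointer is still handed back. Whether it was freed is reported through
   'freed' only so this harness can avoid using a dangling pointer. */
static element_t *read_element_unsafe(unsigned id, long raw, int *freed) {
    *freed = 0;
    element_t *e = malloc(sizeof *e);
    if (e == NULL) return NULL;
    e->id = id;
    e->value = raw;
    if (!element_is_valid(e)) {
        free(e);        /* element discarded because the read was invalid ... */
        *freed = 1;
    }
    return e;           /* ... but the now-dangling pointer is still returned */
}

/* Hardened shape: an invalid read owns nothing and returns NULL, so the only
   way for a caller to reach an element is through a check it cannot skip. */
static element_t *read_element_safe(unsigned id, long raw) {
    element_t *e = malloc(sizeof *e);
    if (e == NULL) return NULL;
    e->id = id;
    e->value = raw;
    if (!element_is_valid(e)) {
        free(e);
        return NULL;
    }
    return e;
}

/* Constructed sample of raw element values; 0 marks an invalid read. */
static const long sample_values[] = {5, 0, 7, 0, 0, 3};
static const size_t sample_count = sizeof sample_values / sizeof sample_values[0];

/* Walks the sample with the vulnerable reader and counts every element the
   caller would have touched after it was freed. A real parser would read
   e->value at that point; counting instead keeps this demonstration defined. */
int demo_uaf_count(void) {
    int uaf = 0;
    for (size_t i = 0; i < sample_count; i++) {
        int freed;
        element_t *e = read_element_unsafe((unsigned)i, sample_values[i], &freed);
        if (freed) {             /* checked before e is even compared to NULL */
            uaf++;
            continue;
        }
        if (e == NULL) continue; /* allocation failure */
        free(e);                 /* caller owns a valid element and releases it */
    }
    return uaf;
}

/* Walks the sample with the hardened reader: sums the valid values and
   records how many invalid reads were skipped through the NULL check. */
long demo_safe_sum(int *skipped) {
    long sum = 0;
    int n = 0;
    for (size_t i = 0; i < sample_count; i++) {
        element_t *e = read_element_safe((unsigned)i, sample_values[i]);
        if (e == NULL) { n++; continue; }
        sum += e->value;
        free(e);
    }
    if (skipped) *skipped = n;
    return sum;
}

/* Convenience accessor so the skipped count can be checked on its own. */
int demo_safe_skipped(void) {
    int skipped = 0;
    (void)demo_safe_sum(&skipped);
    return skipped;
}

int main(void) {
    int skipped = 0;
    long sum = demo_safe_sum(&skipped);
    printf("unsafe reader: %d dangling elements handed to the caller\n", demo_uaf_count());
    printf("safe reader: sum=%ld, skipped=%d invalid elements\n", sum, skipped);
    return 0;
}
```

The defensive point is ownership: a function that may free what it returns leaves the caller no way to tell a live element from a freed one, and the only robust fix is to never return a pointer to memory the callee has already released. Tools such as AddressSanitizer or Valgrind would flag the first dereference of the dangling pointer in the real, unsafe caller.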

All users are advised to update their MKVToolNix software to the latest 28.2.0 version, which contains a fix for the security issue publicly disclosed by Cisco Talos on October 26.