MKVToolNix v9.4.1 released

Somewhat unscheduled I’m releasing v9.4.1. It fixes several errors in mkvmerge, most of which are exploitable via specially crafted file. They were found by fuzzing done by Justin Smith.

Nothing’s been changed regarding the packagin since v9.4.0.

You can download the source code or one of the binaries. The Windows and Mac OS binaries are available. Most of the Linux binaries are still being built and will be available in a couple of hours.

Here’s the full ChangeLog since the previous release:

  • 2016-09-11 Moritz Bunkus <moritz@bunkus.org>
    • Released v9.4.1 "Black Rain".
  • 2016-09-07 Moritz Bunkus <moritz@bunkus.org>
    • Note: most of the bugs fixed on 2016-09-06 and 2016-09-07 for issue #1780 are potentially exploitable. The scenario is arbitrary code execution with specially-crafted files. Updating is highly recommended.
    • mkvmerge: bug fix: AVC & HEVC readers: the readers will now refuse to handle files where the detected pixel width or height is equal to or less than 0. Before this fix the muxing process aborted with an assertion inside libMatroska. Fixes the last test case of #1780.
    • mkvmerge: bug fix: HEVC parser: fixed another invalid memory access (beyond the end of allocated space). Fixes two test cases of #1780.
  • 2016-09-06 Moritz Bunkus <moritz@bunkus.org>
    • mkvmerge: bug fix: HEVC parser: fixed another invalid memory access (beyond the end of a fixed-size array). Fixes several test cases of #1780.
    • mkvmerge: bug fix: MP4 reader: an error message will be printed instead of an uncaught exception when an invalid atom chunk size is encountered during resync. Fixes a test case of #1780.
    • mkvmerge: bug fix: AAC reader: fixed mkvmerge throwing an uncaught exception due to the sample rate being 0. Fixes a test case of #1780.
    • mkvmerge: bug fix: MP4 reader: fixed an invalid memory access (beyond the end of allocated space). Fixes several test cases of #1780.
    • mkvmerge: bug fix: HEVC parser: fixed an invalid memory access (beyond the end of allocated space). Fixes several test cases of #1780.
    • mkvmerge: bug fix: fixed an invalid memory access (use after free) during global destruction phase. Fixes several test cases of #1780.
  • 2016-09-02 Moritz Bunkus <moritz@bunkus.org>
    • mkvmerge: bug fix: using very large –sync values (several minutes) with certain container formats was causing mkvmerge to abort muxing. Fixes #1774.

Have fun :)