Bug#942255: libmatio: CVE-2019-17533
Salvatore Bonaccorso
carnil at debian.org
Sun Oct 13 09:31:16 BST 2019
Source: libmatio
Version: 1.5.17-3
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for libmatio.
CVE-2019-17533[0]:
| Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0'
| character, leading to a heap-based buffer over-read in strdup_vprintf
| when uninitialized memory is accessed.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-17533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17533
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856
[2] https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the debian-science-maintainers
mailing list