Bug#1014391: scilab: CVE-2022-30045 incorrect memory handling in ezml support leading to a heap out-of-bounds read
Sylvestre Ledru
sylvestre at mozilla.com
Mon Aug 1 17:25:04 BST 2022
Hello,
On 05/07/2022 at 11:19, Neil Williams wrote:
> Source: scilab
> Version: 6.1.1+dfsg2-3
> Severity: important
> Tags: security
> X-Debbugs-Cc: codehelp at debian.org, Debian Security Team <team at security.debian.org>
>
> Hi,
>
> The following vulnerability was published for scilab.
>
> CVE-2022-30045[0]:
> | An issue was discovered in libezxml.a in ezXML 0.8.6. The function
> | ezxml_decode() performs incorrect memory handling while parsing
> | crafted XML files, leading to a heap out-of-bounds read.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-30045
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30045
>
> Please adjust the affected versions in the BTS as needed.
>
While Scilab indeed ships ezxml.c, I am not sure how this can be exploited.
The code is probably only used to load scicos/xcos schema.
https://github.com/scilab/scilab/blob/b0937f19e4b8ddf416ca9a9a433bcbbd3f4ef2c0/scilab/modules/scicos/src/c/ezxml.c
Cheers
Sylvestre