Bug#1100992: libmatio: CVE-2025-2337 CVE-2025-2338
Moritz Mühlenhoff
jmm at inutil.org
Fri Mar 21 13:25:03 GMT 2025
Source: libmatio
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libmatio.
CVE-2025-2337[0]:
| A vulnerability, which was classified as critical, has been found in
| tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of
| the file src/mat.c. The manipulation leads to heap-based buffer
| overflow. The attack may be initiated remotely. The exploit has been
| disclosed to the public and may be used.
https://github.com/tbeu/matio/issues/267
CVE-2025-2338[1]:
| A vulnerability, which was classified as critical, was found in tbeu
| matio 1.5.28. Affected is the function strdup_vprintf of the file
| src/io.c. The manipulation leads to heap-based buffer overflow. It
| is possible to launch the attack remotely. The exploit has been
| disclosed to the public and may be used.
https://github.com/tbeu/matio/issues/269
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-2337
    https://www.cve.org/CVERecord?id=CVE-2025-2337
[1] https://security-tracker.debian.org/tracker/CVE-2025-2338
    https://www.cve.org/CVERecord?id=CVE-2025-2338
Please adjust the affected versions in the BTS as needed.
More information about the debian-science-maintainers mailing list