Bug#1124797: libmatio: CVE-2025-50343

Salvatore Bonaccorso carnil at debian.org
Tue Jan 6 21:29:14 GMT 2026


Source: libmatio
Version: 1.5.29-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/tbeu/matio/issues/275
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for libmatio.

CVE-2025-50343[0]:
| An issue was discovered in matio 1.5.28. A heap-based memory
| corruption can occur in Mat_VarCreateStruct() when the nfields value
| does not match the actual number of strings in the fields array.
| This leads to out-of-bounds reads and invalid memory frees during
| cleanup, potentially causing a segmentation fault or heap
| corruption.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-50343
    https://www.cve.org/CVERecord?id=CVE-2025-50343
[1] https://github.com/tbeu/matio/issues/275
[2] https://github.com/tbeu/matio/commit/41b505410dafaa236b61b52c7910d4c4831404f2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
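
The failure mode in the CVE description (a field count that disagrees with the array it describes, followed by cleanup of entries that were never set) can be avoided with the pattern below. This is an added example, not matio code or the upstream fix; `copy_field_names`, `free_names`, `dup_str` and the `capacity` parameter are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: portable string duplicate. */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Hypothetical helper: unfilled slots are NULL (calloc), so free() is a no-op. */
static void free_names(char **names, unsigned n)
{
    if (names == NULL) return;
    for (unsigned i = 0; i < n; i++) free(names[i]);
    free(names);
}

/* Copy nfields names from an array that really holds `capacity` entries.
 * Returns 0 and sets *out on success; -1 if count and array disagree. */
int copy_field_names(const char *const *fields, size_t capacity,
                     unsigned nfields, char ***out)
{
    *out = NULL;
    if (nfields == 0) return 0;
    if (fields == NULL || nfields > capacity) return -1; /* would read past the array */
    char **names = calloc(nfields, sizeof *names);
    if (names == NULL) return -1;
    for (unsigned i = 0; i < nfields; i++) {
        if (fields[i] == NULL || (names[i] = dup_str(fields[i])) == NULL) {
            free_names(names, nfields); /* frees only pointers allocated here */
            return -1;
        }
    }
    *out = names;
    return 0;
}

int main(void)
{
    /* Constructed sample: two names, as a caller might pass to Mat_VarCreateStruct(). */
    const char *fields[] = { "x", "y" };
    char **names;
    printf("nfields=2: %d\n", copy_field_names(fields, 2, 2, &names));
    free_names(names, 2);
    printf("nfields=5: %d\n", copy_field_names(fields, 2, 5, &names));
    return 0;
}
```

Callers of the real API can get the same effect by deriving `nfields` from the array with `sizeof fields / sizeof fields[0]` instead of passing a separately maintained number.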


