[Git][security-tracker-team/security-tracker][master] data/CVE/list: CVE-2020-36428: Note libmatio CVE likely HDF5

[Andreas Henriksson (@ah)]

Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
971cd620 by Andreas Henriksson at 2026-01-17T17:39:38+01:00
data/CVE/list: CVE-2020-36428: Note libmatio CVE likely HDF5

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -406818,6 +406818,10 @@ CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a hea
 	[stretch] - libmatio <not-affected> (Vulnerable code not present, introduced in 1.5.18)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
+	NOTE: NEWS for 1.5.22 mentions CVE-2020-36428 + CVE-2021-36977 together.
+	NOTE: "CVE-2021-36977 was fixed en-passant when the libhdf5 dependency was updated from v1.12.0 to v.12.1"
+	NOTE: https://github.com/google/oss-fuzz-vulns/pull/13
+	NOTE: In other words, this seems to be a underlying HDF5 problem rather than a libmatio bug.
 CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
 	{DSA-4948-1 DLA-2720-1}
 	- aspell 0.60.8-3 (bug #991307)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/971cd6204b413d3d18387a6e68dae139b0586c82

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/971cd6204b413d3d18387a6e68dae139b0586c82
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260117/e15151d6/attachment.htm>