* CVE-2019-9026: An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c. * CVE-2019-9027: An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c. * CVE-2019-9028: An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. References: * https://github.com/tbeu/matio/issues/103 * https://github.com/TeamSeri0us/pocs/tree/master/matio ---- Fadi
FYI: This now has fixes, as per the issue (https://github.com/tbeu/matio/issues/103).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=568a3b2d4c68eb44798da9d63fa15d82bee8b887 commit 568a3b2d4c68eb44798da9d63fa15d82bee8b887 Author: David Seifert <soap@gentoo.org> AuthorDate: 2020-03-15 23:55:21 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2020-03-15 23:55:21 +0000 sci-libs/matio: Version bump to 1.5.17 Bug: https://bugs.gentoo.org/603218 Bug: https://bugs.gentoo.org/678816 Bug: https://bugs.gentoo.org/679476 Bug: https://bugs.gentoo.org/695314 Bug: https://bugs.gentoo.org/711822 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: David Seifert <soap@gentoo.org> sci-libs/matio/Manifest | 1 + sci-libs/matio/matio-1.5.17.ebuild | 46 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+)
*** This bug has been marked as a duplicate of bug 679476 ***
