Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 678816 (CVE-2019-9026, CVE-2019-9027, CVE-2019-9028)

Summary: sci-libs/matio: multiple vulnerabilities
Product: Gentoo Security Reporter: Fadi Abu Sneineh <fadi+gentoo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: sci
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/TeamSeri0us/pocs/tree/master/matio
Whiteboard: ~2 [upstream]
Package list:
Runtime testing required: ---

Description Fadi Abu Sneineh 2019-02-26 09:50:46 UTC
* CVE-2019-9026: An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.

* CVE-2019-9027: An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c.

* CVE-2019-9028: An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.

References:
* https://github.com/tbeu/matio/issues/103
* https://github.com/TeamSeri0us/pocs/tree/master/matio

----
Fadi