Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 679476 (CVE-2019-9026, CVE-2019-9027, CVE-2019-9028, CVE-2019-9029, CVE-2019-9030, CVE-2019-9031, CVE-2019-9032, CVE-2019-9033, CVE-2019-9034, CVE-2019-9035, CVE-2019-9036, CVE-2019-9037, CVE-2019-9038)

Summary: <sci-libs/matio-1.5.17: multiple vulnerabilities (CVE-2019-{9026,9027,9028,9029,9030,9031,9032,9033,9034,9035,9036,9037,9038})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: fadi+gentoo, sci
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=711822
Whiteboard: ~2 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-03-05 00:56:39 UTC 
CVE-2019-9038 (https://nvd.nist.gov/vuln/detail/CVE-2019-9038):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is an out-of-bounds read problem with a SEGV in the function
  ReadNextCell() in mat5.c.

CVE-2019-9037 (https://nvd.nist.gov/vuln/detail/CVE-2019-9037):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.

CVE-2019-9036 (https://nvd.nist.gov/vuln/detail/CVE-2019-9036):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a heap-based buffer overflow in the function
  ReadNextFunctionHandle() in mat5.c.

CVE-2019-9035 (https://nvd.nist.gov/vuln/detail/CVE-2019-9035):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read in the function
  ReadNextStructField() in mat5.c.

CVE-2019-9034 (https://nvd.nist.gov/vuln/detail/CVE-2019-9034):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read for a memcpy in the function
  ReadNextCell() in mat5.c.

CVE-2019-9033 (https://nvd.nist.gov/vuln/detail/CVE-2019-9033):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension"
  feature in the function ReadNextCell() in mat5.c.

CVE-2019-9032 (https://nvd.nist.gov/vuln/detail/CVE-2019-9032):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is an out-of-bounds write problem causing a SEGV in the
  function Mat_VarFree() in mat.c.

CVE-2019-9031 (https://nvd.nist.gov/vuln/detail/CVE-2019-9031):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in
  mat.c.

CVE-2019-9030 (https://nvd.nist.gov/vuln/detail/CVE-2019-9030):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in
  mat5.c.

CVE-2019-9029 (https://nvd.nist.gov/vuln/detail/CVE-2019-9029):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is an out-of-bounds read with a SEGV in the function
  Mat_VarReadNextInfo5() in mat5.c.

CVE-2019-9028 (https://nvd.nist.gov/vuln/detail/CVE-2019-9028):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read in the function
  InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.

CVE-2019-9027 (https://nvd.nist.gov/vuln/detail/CVE-2019-9027):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a heap-based buffer overflow problem in the function
  ReadNextCell() in mat5.c.

CVE-2019-9026 (https://nvd.nist.gov/vuln/detail/CVE-2019-9026):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a heap-based buffer overflow in the function
  InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.
Comment 1 Larry the Git Cow gentoo-dev 2020-03-15 23:55:52 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=568a3b2d4c68eb44798da9d63fa15d82bee8b887

commit 568a3b2d4c68eb44798da9d63fa15d82bee8b887
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-03-15 23:55:21 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-03-15 23:55:21 +0000

    sci-libs/matio: Version bump to 1.5.17
    
    Bug: https://bugs.gentoo.org/603218
    Bug: https://bugs.gentoo.org/678816
    Bug: https://bugs.gentoo.org/679476
    Bug: https://bugs.gentoo.org/695314
    Bug: https://bugs.gentoo.org/711822
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: David Seifert <soap@gentoo.org>

 sci-libs/matio/Manifest            |  1 +
 sci-libs/matio/matio-1.5.17.ebuild | 46 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 20:51:07 UTC 
CVE-2019-17533 (https://nvd.nist.gov/vuln/detail/CVE-2019-17533):
  Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0'
  character, leading to a heap-based buffer over-read in strdup_vprintf when
  uninitialized memory is accessed.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-17 20:51:55 UTC 
(In reply to GLSAMaker/CVETool Bot from comment #2)
> CVE-2019-17533 (https://nvd.nist.gov/vuln/detail/CVE-2019-17533):
>   Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0'
>   character, leading to a heap-based buffer over-read in strdup_vprintf when
>   uninitialized memory is accessed.

Ignore this.

@maintainer(s), please cleanup here and in bug 711822.
Comment 4 Larry the Git Cow gentoo-dev 2020-04-17 21:11:18 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9974d3369078cfde93e4f1e5e9df5d1050bd5f50

commit 9974d3369078cfde93e4f1e5e9df5d1050bd5f50
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-04-17 21:11:02 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-04-17 21:11:02 +0000

    sci-libs/matio: Remove old versions
    
    Bug: https://bugs.gentoo.org/679476
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: David Seifert <soap@gentoo.org>

 sci-libs/matio/Manifest            |  2 --
 sci-libs/matio/matio-1.5.13.ebuild | 46 --------------------------------------
 sci-libs/matio/matio-1.5.16.ebuild | 46 --------------------------------------
 3 files changed, 94 deletions(-)
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2020-04-26 04:00:26 UTC 
*** Bug 678816 has been marked as a duplicate of this bug. ***
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-26 04:05:32 UTC 
Thanks! Closing.