679476 – (CVE-2019-9026, CVE-2019-9027, CVE-2019-9028, CVE-2019-9029, CVE-2019-9030, CVE-2019-9031, CVE-2019-9032, CVE-2019-9033, CVE-2019-9034, CVE-2019-9035, CVE-2019-9036, CVE-2019-9037, CVE-2019-9038) <sci-libs/matio-1.5.17: multiple vulnerabilities (CVE-2019-{9026,9027,9028,9029,9030,9031,9032,9033,9034,9035,9036,9037,9038})

Bug 679476 (CVE-2019-9026, CVE-2019-9027, CVE-2019-9028, CVE-2019-9029, CVE-2019-9030, CVE-2019-9031, CVE-2019-9032, CVE-2019-9033, CVE-2019-9034, CVE-2019-9035, CVE-2019-9036, CVE-2019-9037, CVE-2019-9038) - <sci-libs/matio-1.5.17: multiple vulnerabilities (CVE-2019-{9026,9027,9028,9029,9030,9031,9032,9033,9034,9035,9036,9037,9038})

Summary: <sci-libs/matio-1.5.17: multiple vulnerabilities (CVE-2019-{9026,9027,9028,90...

Status:	RESOLVED FIXED

Alias:	CVE-2019-9026, CVE-2019-9027, CVE-2019-9028, CVE-2019-9029, CVE-2019-9030, CVE-2019-9031, CVE-2019-9032, CVE-2019-9033, CVE-2019-9034, CVE-2019-9035, CVE-2019-9036, CVE-2019-9037, CVE-2019-9038

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~2 [noglsa cve]
Keywords:

Duplicates (1):	678816 (view as bug list)
Depends on:
Blocks:

Reported:	2019-03-05 00:56 UTC by GLSAMaker/CVETool Bot
Modified:	2020-04-26 04:05 UTC (History)
CC List:	2 users (show)

See Also:	CVE-2019-13107
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2019-03-05 00:56:39 UTC

CVE-2019-9038 (https://nvd.nist.gov/vuln/detail/CVE-2019-9038):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is an out-of-bounds read problem with a SEGV in the function
  ReadNextCell() in mat5.c.

CVE-2019-9037 (https://nvd.nist.gov/vuln/detail/CVE-2019-9037):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.

CVE-2019-9036 (https://nvd.nist.gov/vuln/detail/CVE-2019-9036):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a heap-based buffer overflow in the function
  ReadNextFunctionHandle() in mat5.c.

CVE-2019-9035 (https://nvd.nist.gov/vuln/detail/CVE-2019-9035):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read in the function
  ReadNextStructField() in mat5.c.

CVE-2019-9034 (https://nvd.nist.gov/vuln/detail/CVE-2019-9034):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read for a memcpy in the function
  ReadNextCell() in mat5.c.

CVE-2019-9033 (https://nvd.nist.gov/vuln/detail/CVE-2019-9033):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension"
  feature in the function ReadNextCell() in mat5.c.

CVE-2019-9032 (https://nvd.nist.gov/vuln/detail/CVE-2019-9032):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is an out-of-bounds write problem causing a SEGV in the
  function Mat_VarFree() in mat.c.

CVE-2019-9031 (https://nvd.nist.gov/vuln/detail/CVE-2019-9031):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in
  mat.c.

CVE-2019-9030 (https://nvd.nist.gov/vuln/detail/CVE-2019-9030):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in
  mat5.c.

CVE-2019-9029 (https://nvd.nist.gov/vuln/detail/CVE-2019-9029):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is an out-of-bounds read with a SEGV in the function
  Mat_VarReadNextInfo5() in mat5.c.

CVE-2019-9028 (https://nvd.nist.gov/vuln/detail/CVE-2019-9028):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a stack-based buffer over-read in the function
  InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.

CVE-2019-9027 (https://nvd.nist.gov/vuln/detail/CVE-2019-9027):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a heap-based buffer overflow problem in the function
  ReadNextCell() in mat5.c.

CVE-2019-9026 (https://nvd.nist.gov/vuln/detail/CVE-2019-9026):
  An issue was discovered in libmatio.a in matio (aka MAT File I/O Library)
  1.5.13. There is a heap-based buffer overflow in the function
  InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.

Comment 1 Larry the Git Cow gentoo-dev

2020-03-15 23:55:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=568a3b2d4c68eb44798da9d63fa15d82bee8b887

commit 568a3b2d4c68eb44798da9d63fa15d82bee8b887
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-03-15 23:55:21 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-03-15 23:55:21 +0000

    sci-libs/matio: Version bump to 1.5.17
    
    Bug: https://bugs.gentoo.org/603218
    Bug: https://bugs.gentoo.org/678816
    Bug: https://bugs.gentoo.org/679476
    Bug: https://bugs.gentoo.org/695314
    Bug: https://bugs.gentoo.org/711822
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: David Seifert <soap@gentoo.org>

 sci-libs/matio/Manifest            |  1 +
 sci-libs/matio/matio-1.5.17.ebuild | 46 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2020-04-17 20:51:07 UTC

CVE-2019-17533 (https://nvd.nist.gov/vuln/detail/CVE-2019-17533):
  Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0'
  character, leading to a heap-based buffer over-read in strdup_vprintf when
  uninitialized memory is accessed.

Comment 3 Sam James archtester

2020-04-17 20:51:55 UTC

(In reply to GLSAMaker/CVETool Bot from comment #2)
> CVE-2019-17533 (https://nvd.nist.gov/vuln/detail/CVE-2019-17533):
>   Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0'
>   character, leading to a heap-based buffer over-read in strdup_vprintf when
>   uninitialized memory is accessed.

Ignore this.

@maintainer(s), please cleanup here and in bug 711822.

Comment 4 Larry the Git Cow gentoo-dev

2020-04-17 21:11:18 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9974d3369078cfde93e4f1e5e9df5d1050bd5f50

commit 9974d3369078cfde93e4f1e5e9df5d1050bd5f50
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-04-17 21:11:02 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-04-17 21:11:02 +0000

    sci-libs/matio: Remove old versions
    
    Bug: https://bugs.gentoo.org/679476
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: David Seifert <soap@gentoo.org>

 sci-libs/matio/Manifest            |  2 --
 sci-libs/matio/matio-1.5.13.ebuild | 46 --------------------------------------
 sci-libs/matio/matio-1.5.16.ebuild | 46 --------------------------------------
 3 files changed, 94 deletions(-)

Comment 5 Yury German Gentoo Infrastructure

2020-04-26 04:00:26 UTC

*** Bug 678816 has been marked as a duplicate of this bug. ***

Comment 6 Sam James archtester

2020-04-26 04:05:32 UTC

Thanks! Closing.