Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 803131 (CVE-2020-36428, CVE-2021-36977) - sci-libs/matio: multiple vulnerabilities (CVE-2020-36428, CVE-2021-36977)
Summary: sci-libs/matio: multiple vulnerabilities (CVE-2020-36428, CVE-2021-36977)
Status: CONFIRMED
Alias: CVE-2020-36428, CVE-2021-36977
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-20 23:33 UTC by John Helmert III
Modified: 2021-07-29 18:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-07-20 23:33:51 UTC
CVE-2020-36428 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421):

matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).

CVE-2021-36977 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31265):

matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry).



No references to a fix.
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:20:47 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:28:53 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:36:50 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:44:53 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:52:56 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:56:52 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:00:52 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:09:09 UTC
Package list is empty or all packages have requested keywords.