Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
References
Link | Resource |
---|---|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856 | Exploit Issue Tracking Third Party Advisory |
https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a | Patch |
https://lists.debian.org/debian-lts-announce/2020/06/msg00037.html | Mailing List Third Party Advisory |
Configurations
History
28 Feb 2023, 15:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00037.html - Mailing List, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
Information
Published : 2019-10-13 02:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-17533
Mitre link : CVE-2019-17533
CVE.ORG link : CVE-2019-17533
JSON object : View
Products Affected
matio_project
- matio
debian
- debian_linux