Control: clone -1 -2
Control: retitle -1 libmatio: CVE-2025-2337
Control: forwarded -1 https://github.com/tbeu/matio/issues/267
Control: tags -1 + fixed-upstream
Control: retitle -2 libmatio: CVE-2025-2338
Control: forwarded -1 https://github.com/tbeu/matio/issues/269

Hi,

On Fri, Mar 21, 2025 at 02:25:03PM +0100, Moritz Mühlenhoff wrote:
> Source: libmatio
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for libmatio.
>
> CVE-2025-2337[0]:
> | A vulnerability, which was classified as critical, has been found in
> | tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of
> | the file src/mat.c. The manipulation leads to heap-based buffer
> | overflow. The attack may be initiated remotely. The exploit has been
> | disclosed to the public and may be used.
>
> https://github.com/tbeu/matio/issues/267

For issue #267 upstream a fix has been applied now as
https://github.com/tbeu/matio/commit/67000893b627205c42abc125d7917b6b2d18f84f
so you might want to apply it for an inclusion in trixie if you find
time?

Splitting the bugs in two to cover both CVEs, one fixed and one yet
open upstream.

Regards,
Salvatore