8.2

CVE-2019-17533

Exploit
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Matio ProjectMatio Version1.5.17
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.88% 0.767
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856
Third Party Advisory
Exploit
Issue Tracking
https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a
Patch
https://lists.debian.org/debian-lts-announce/2020/06/msg00037.html
Third Party Advisory
Mailing List