6.5

CVE-2021-36977

matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Matio ProjectMatio Version1.5.20
Matio ProjectMatio Version1.5.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.5% 0.71
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31265
Patch
Third Party Advisory
https://github.com/HDFGroup/hdf5/issues/272
Third Party Advisory
Issue Tracking
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/commit/37b781ace1b4228fc36483bb7e30c72ea9d4c3d6
Patch
Third Party Advisory
Issue Tracking
https://github.com/google/oss-fuzz/issues/4999
Third Party Advisory
Issue Tracking