CVE-2019-17533 — HIGH (8.2)

Vulnerability Description

Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Matio Project	Matio	1.5.17
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-908 CWE-125

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856ExploitIssue TrackingThird Party Advisory
https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9aPatch
https://lists.debian.org/debian-lts-announce/2020/06/msg00037.htmlMailing ListThird Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856ExploitIssue TrackingThird Party Advisory
https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9aPatch
https://lists.debian.org/debian-lts-announce/2020/06/msg00037.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2019-17533?

CVE-2019-17533 is a vulnerability with a CVSS score of 8.2 (HIGH). Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.

How severe is CVE-2019-17533?

CVE-2019-17533 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-17533?

Check the references section above for vendor advisories and patch information. Affected products include: Matio Project Matio, Debian Debian Linux.