Bug 1188595 (CVE-2020-19497)

Summary: VUL-1: CVE-2020-19497: matio: integer overflow vulnerability in mat5.c in tbeu matio
Product: [openSUSE] openSUSE Distribution
Reporter: Alexander Bergmann <abergmann>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
Version: Leap 15.2
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/304919/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2021-07-22 06:10:31 UTC
CVE-2020-19497

Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio
(aka MAT File I/O Library) 1.5.17, allows attackers to cause a Denial of Service
or possibly other unspecified impacts.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19497
https://github.com/tbeu/matio/commit/5fa49ef9fc4368fe3d19b5fdaa36d8fa5e7f4606
https://github.com/tbeu/matio/issues/121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19497

Comment 1 Marcus Meissner 2022-12-08 08:34:40 UTC
Should be fixed in newer Leaps; older Leaps are EOL.