A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.
CVE: (none) => CVE-2019-20052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052
Fix is here: https://github.com/tbeu/matio/commit/a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3
It's not clear what versions (if any) are actually affected.
Assignee: bugsquad => geiger.david68210
Summary: matio security flaw CVE-2019-20052 => matio possible new security issue CVE-2019-20052
CC: (none) => nicolas.salguero
Status comment: (none) => Patch available from upstream
Whiteboard: (none) => MGA7TOO
Severity: normal => major
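An added illustration (not matio's code and not the upstream patch) of why a dimension product needs an explicit rank==0 case: the empty product is 1, so a caller sizing a buffer from it would reserve one element for a variable that has no dimensions. The struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a parsed variable header (not matio's matvar_t). */
struct var_hdr {
    int     rank;   /* number of dimensions read from the file */
    size_t *dims;   /* rank entries; NULL when rank == 0 */
};

/* Naive product: the loop never runs for rank 0, so *nelems stays 1. */
static int mul_dims_naive(const struct var_hdr *v, size_t *nelems)
{
    *nelems = 1;
    for (int i = 0; i < v->rank; i++) {
        /* Reject the multiplication before it can wrap around. */
        if (v->dims[i] != 0 && *nelems > SIZE_MAX / v->dims[i]) {
            *nelems = 0;
            return 1;               /* overflow */
        }
        *nelems *= v->dims[i];
    }
    return 0;
}

/* Guarded product: rank <= 0 or missing dims means no elements at all. */
static int mul_dims_checked(const struct var_hdr *v, size_t *nelems)
{
    if (v->rank <= 0 || v->dims == NULL) {
        *nelems = 0;
        return 0;
    }
    return mul_dims_naive(v, nelems);
}

int main(void)
{
    struct var_hdr empty = { 0, NULL };   /* constructed sample: rank 0 */
    size_t n_naive, n_checked;

    mul_dims_naive(&empty, &n_naive);
    mul_dims_checked(&empty, &n_checked);
    printf("rank 0: naive=%zu checked=%zu\n", n_naive, n_checked);
    return 0;
}
```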
Fixed in cauldron. Package pushed in mga7: src: matio-1.5.16-1.2.mga7
Assignee: geiger.david68210 => qa-bugs
CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Advisory:
========================

Updated matio packages fix security vulnerability:

A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case (CVE-2019-20052).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052
========================

Updated packages in core/updates_testing:
========================
matio-1.5.16-1.2.mga7
libmatio9-1.5.16-1.2.mga7
libmatio-devel-1.5.16-1.2.mga7

from matio-1.5.16-1.2.mga7.src.rpm
Status comment: Patch available from upstream => (none)
mga7, x86_64

CVE-2019-20052
https://github.com/tbeu/matio/issues/131
$ matdump 006-memleak
InflateRankDims: inflate returned data error
InflateVarNameTag: inflate returned data error
Empty
InflateRankDims: Reading dimensions expected type MAT_T_INT32
InflateRankDims: Reading dimensions expected type MAT_T_INT32
Name:
Rank: 0
InflateRankDims: inflate returned data error
Segmentation fault (core dumped)

Updated packages.
$ rpm -q matio
matio-1.5.16-1.2.mga7
$ matdump 006-memleak
InflateRankDims: inflate returned data error
InflateVarNameTag: inflate returned data error
Empty
InflateRankDims: Reading dimensions expected type MAT_T_INT32
Name:
Rank: 0
InflateRankDims: inflate returned data error
Segmentation fault (core dumped)

There is only a minor difference which gives the impression that the patch does not work. Upstream had difficulty verifying the fix or even the issue.
So, what do we do in a case like this - just carry on regardless? I probably shall anyway.
CC: (none) => tarazed25
Someone needs to tell upstream that it's not fixed.
Whiteboard: (none) => feedback
Whiteboard: feedback => (none)
Keywords: (none) => feedback