Debian alert DLA-4459-1 (libmatio)
| From: | Andreas Henriksson <andreas@fatal.se> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4459-1] libmatio security update | |
| Date: | Thu, 29 Jan 2026 14:59:33 +0100 | |
| Message-ID: | <7bcrfhowbyy73xyrw3aq3tjt2glhm375deadbofwcbz6mv6gze@qg3udz6alfl4> |
------------------------------------------------------------------------- Debian LTS Advisory DLA-4459-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Andreas Henriksson January 29, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : libmatio Version : 1.5.19-2+deb11u1 CVE ID : CVE-2022-1515 CVE-2025-2338 CVE-2025-50343 Debian Bug : 1104247 1124797 Multiple vulnerabilities has been discovered in libmatio, a MAT File I/O Library. CVE-2025-50343 A Denial of Service (DoS) and in certain cases heap corruption vulnerability was found, which could lead to potential remote code execution if libmatio is embedded in services that accepts user-supplied .mat files. CVE-2025-2338 A Denial of Service (DoS) and head-based buffer overflow was found, which could potentially lead to remote code execution if libmatio is embedded in services that accepts user-supplied .mat files. CVE-2022-1515 A memory leak was discovered in matio 1.5.21 and earlier. This could lead to a potential Denial of Service (DoS). CVE-2020-36428 A heap-based buffer overflow was found which could lead to potential remote code execution if libmatio is embedded in services that accepts user-supplied .mat files. Additionally CVE-2025-2337 and CVE-2020-36428 was investigated and deemed not to apply (directly) to this libmatio version. For Debian 11 bullseye, these problems have been fixed in version 1.5.19-2+deb11u1. We recommend that you upgrade your libmatio packages. For the detailed security status of libmatio please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libmatio Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAml7Z8MACgkQC8R9xk0T UwbFRw/9F8vxyWDK9dGcsFzXs+VW3GMYmi8MflVMkr665yeT2x8+NM31TiFJ2Qim gE0KAIs2jRH3cbot/HlbHtnRQab73twqIzRWGaolRmzmH8ZcZ8YN+EwCAXDFC9AR RGuikJsTSPIRM32PQqtHM/cPAxGt9aib7QAj7qM7zkKA7JeT+VCxPj3ygkqjMgaK YmwYKo9mtaTWJYnb1RqnZI4zNbGG0z6VJc5I+N96rh0B+wIg/6r+GWFBz+kH4Sfe ulfz1zTVm2Y9Zjx3zfyb/HoMbfaK0lxc7r8LLT9KtzjZzM++0SnIZQs3kwXs36S5 kOhgue0d8fz/9GuepntQBZNSLJSiXmoq2/MOXC8JE59jLsqVGuGn8ZaHqfLDObj2 udO1tBbjYF6VDOiIA/SBU0yxfhufaaZbENoBUMZsIGMh74z5HSynGAGTwXfSJjza wKZD+Rwfs/LcL9mQnqueVCMuk9SEsoCAfqJ1pSaOTTxI/4t2YvT2/Emko90maNDS cxIowvi1x8SKROIsY5p7jXuSsZR743qOOdYWBPxiNHd0COFfiapWZqapq+b/NQyH /iQX2fQC0+ct50EogK3SluUvCUo4ro0L48gsQ0rf7f0NX7zz6AInICHWZPEa95p1 P893BuR0apd2FR0DVxDh6PykZKA78PX6/sIDzWVarwFGSDn65Vw= =5qyY -----END PGP SIGNATURE-----