Описание
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.
A flaw was found in matio. This vulnerability involves a memory error within the Mat_VarCreateStruct() function, where the system incorrectly handles the number of fields in a data structure. This can lead to out-of-bounds memory access and improper memory cleanup. An attacker could exploit this issue to cause the application to crash, resulting in a denial of service, or potentially to execute unauthorized code on the affected system.
Отчет
This vulnerability is rated Moderate because it involves heap-based memory corruption, which could lead to a denial of service or other impacts. Exploitation requires user interaction, such as opening a specially crafted MAT file, limiting the attack vector.
Дополнительная информация
7.3 High
CVSS3
Связанные уязвимости
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.
An issue was discovered in matio 1.5.28. A heap-based memory corruptio ...
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.
7.3 High
CVSS3