------------------------------------------------------------------------- Debian LTS Advisory DLA-4459-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Andreas Henriksson January 29, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : libmatio Version : 1.5.19-2+deb11u1 CVE ID : CVE-2022-1515 CVE-2025-2338 CVE-2025-50343 Debian Bug : 1104247 1124797 Multiple vulnerabilities has been discovered in libmatio, a MAT File I/O Library. CVE-2025-50343 A Denial of Service (DoS) and in certain cases heap corruption vulnerability was found, which could lead to potential remote code execution if libmatio is embedded in services that accepts user-supplied .mat files. CVE-2025-2338 A Denial of Service (DoS) and head-based buffer overflow was found, which could potentially lead to remote code execution if libmatio is embedded in services that accepts user-supplied .mat files. CVE-2022-1515 A memory leak was discovered in matio 1.5.21 and earlier. This could lead to a potential Denial of Service (DoS). CVE-2020-36428 A heap-based buffer overflow was found which could lead to potential remote code execution if libmatio is embedded in services that accepts user-supplied .mat files. Additionally CVE-2025-2337 and CVE-2020-36428 was investigated and deemed not to apply (directly) to this libmatio version. For Debian 11 bullseye, these problems have been fixed in version 1.5.19-2+deb11u1. We recommend that you upgrade your libmatio packages. For the detailed security status of libmatio please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libmatio Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature