CVE-2025-50343

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-50343
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-50343.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-50343
Downstream
Related
Published
2025-12-30T20:16:00.217Z
Modified
2026-03-13T08:00:15.799779Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.

References

Affected packages

Git / github.com/tbeu/matio

Affected ranges

Type
GIT
Repo
https://github.com/tbeu/matio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4677b3fd4030c52e0fe45a863c840c78fb56f9a3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.28"
        }
    ]
}

Affected versions

v1.*
v1.5.0
v1.5.0b1
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.15
v1.5.16
v1.5.17
v1.5.18
v1.5.19
v1.5.2
v1.5.20
v1.5.21
v1.5.22
v1.5.23
v1.5.24
v1.5.25
v1.5.26
v1.5.27
v1.5.28
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-50343.json"