CVE-2019-17533

High

Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf…

mitre·CWE-125·Published 2019-10-13

CVSS

8.2

EPSS

0.02

KEV

Exploits

cve.orgen

176 chars

Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.

NVDen

176 chars

Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.

La función Mat_VarReadNextInfo4 en el archivo mat4.c en MATIO versión 1.5.17, omite cierto carácter '\0', lo que conlleva a una lectura excesiva de búfer en la región heap de la memoria en strdup_vprintf cuando se accede a la memoria no inicializada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P
3.1	Primary	NVD	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H