[DLA 4459-1] libmatio security update
[SECURITY] [DLA 4459-1] libmatio security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4459-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andreas Henriksson
January 29, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : libmatio
Version : 1.5.19-2+deb11u1
CVE ID : CVE-2022-1515 CVE-2025-2338 CVE-2025-50343
Debian Bug : 1104247 1124797
Multiple vulnerabilities has been discovered in libmatio, a MAT File I/O
Library.
CVE-2025-50343
A Denial of Service (DoS) and in certain cases heap corruption vulnerability
was found, which could lead to potential remote code execution if libmatio is
embedded in services that accepts user-supplied .mat files.
CVE-2025-2338
A Denial of Service (DoS) and head-based buffer overflow was found, which
could potentially lead to remote code execution if libmatio is embedded in
services that accepts user-supplied .mat files.
CVE-2022-1515
A memory leak was discovered in matio 1.5.21 and earlier. This could lead
to a potential Denial of Service (DoS).
CVE-2020-36428
A heap-based buffer overflow was found which could lead to potential remote
code execution if libmatio is embedded in services that accepts user-supplied
.mat files.
Additionally CVE-2025-2337 and CVE-2020-36428 was investigated and deemed
not to apply (directly) to this libmatio version.
For Debian 11 bullseye, these problems have been fixed in version
1.5.19-2+deb11u1.
We recommend that you upgrade your libmatio packages.
For the detailed security status of libmatio please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libmatio
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
