PT-2021-21415 · Matio+1

Published: 2021-07-20 · Updated: 2022-12-13 · CVE-2021-36977

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

matio (aka MAT File I/O Library) versions 1.5.20 through 1.5.21

Description

The issue is a heap-based buffer overflow in the H5MM_memcpy function, which is called from H5MM_malloc and H5C__load_entry. The overflow is associated with the use of HDF5 version 1.12.0.

Recommendations

For matio versions 1.5.20 and 1.5.21, consider restricting the use of the H5MM_memcpy function until a patch is available. As a temporary workaround, avoid using the H5MM_malloc and H5C__load_entry functions that call H5MM_memcpy to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-36977
MGASA-2022-0465
OPENSUSE-SU-2022:10235-1

Affected Products

Hdf5
Matio