PT-2021-6570 · Matio+2
Published 2021-07-20 · Updated 2025-05-05
CVE-2020-36428
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
matio versions 1.5.18 through 1.5.21
Description
The issue is related to a heap-based buffer overflow in the ReadInt32DataDouble function of the MATIO library, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The ReadInt32DataDouble function is called from ReadInt32Data and Mat_VarRead4.
Recommendations
For matio versions 1.5.18 through 1.5.21, consider disabling the ReadInt32DataDouble function as a temporary workaround until a patch is available. Restrict access to the MATIO library to minimize the risk of exploitation. Avoid using the ReadInt32DataDouble function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Matio