CVE-2025-2338

NameCVE-2025-2338
DescriptionA vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1100992

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libmatio (PTS)bullseye1.5.19-2vulnerable
bookworm1.5.23-2vulnerable
sid, trixie1.5.28-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libmatiosource(unstable)(unfixed)1100992

Notes

[bookworm] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
https://github.com/tbeu/matio/issues/269

Search for package or bug name: Reporting problems