CVE-2025-50343
Heap-Based Memory Corruption in Matio 1.5.28 Causes Crashes
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| matio | matio | 1.5.28 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the matio library's Mat_VarCreateStruct() function when the number of fields (nfields) does not match the actual number of string pointers in the fields array. The function expects exactly nfields valid string pointers, but it does not validate this. If fewer valid pointers are provided, the function reads out-of-bounds memory and later attempts to free invalid or uninitialized pointers during cleanup. This causes heap-based memory corruption or segmentation faults. [2]
How can this vulnerability impact me?
This vulnerability can lead to denial of service by causing application crashes or heap corruption. If the matio library is used in services that process user-supplied .mat files or user-controlled struct data, an attacker could remotely trigger this flaw, potentially causing remote exploitation or service disruption. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running tests or code that calls Mat_VarCreateStruct() with a mismatch between the nfields parameter and the actual number of valid strings in the fields array. Using tools like AddressSanitizer to run such test code can reveal segmentation faults or heap corruption due to invalid frees. A minimal reproducer passes a higher nfields value than the number of valid field pointers, triggering the issue. Specific commands would involve compiling and running such test code with AddressSanitizer enabled to detect invalid memory operations. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that any calls to Mat_VarCreateStruct() strictly validate that the fields array contains exactly nfields valid, non-NULL string pointers before calling the function. Avoid passing mismatched nfields and fields arrays. If possible, update to a patched version of matio that includes validation checks to prevent this heap corruption. Additionally, running matio under memory error detection tools like AddressSanitizer can help identify problematic usage during development or testing. [2]
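The caller-side check described in the mitigation above, as an added example (not code from matio or from the advisory). The names check_struct_fields, create_struct_checked, enum fields_check and the HAVE_MATIO macro are hypothetical; the sample arrays are constructed. It assumes the caller knows how many slots it really allocated and passes that as fields_len.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef HAVE_MATIO               /* define when building against the real library */
#include <matio.h>
#endif

/* Hypothetical result codes for this example (not part of matio). */
enum fields_check { FIELDS_OK, FIELDS_NULL_ARRAY, FIELDS_COUNT_MISMATCH, FIELDS_NULL_ENTRY };

/* fields_len: slots the caller really allocated; nfields: the count that
 * would be handed to Mat_VarCreateStruct(). Both must describe the same array. */
enum fields_check check_struct_fields(const char *const *fields,
                                      size_t fields_len, unsigned nfields)
{
    if (nfields == 0 && fields_len == 0)
        return FIELDS_OK;                 /* struct with no fields */
    if (fields == NULL)
        return FIELDS_NULL_ARRAY;
    if ((size_t)nfields != fields_len)
        return FIELDS_COUNT_MISMATCH;     /* the mismatch behind this CVE */
    for (size_t i = 0; i < fields_len; i++)
        if (fields[i] == NULL)
            return FIELDS_NULL_ENTRY;     /* not a valid field name */
    return FIELDS_OK;
}

#ifdef HAVE_MATIO
/* Hypothetical wrapper: refuse the call unless the array matches nfields. */
matvar_t *create_struct_checked(const char *name, int rank, size_t *dims,
                                const char **fields, size_t fields_len,
                                unsigned nfields)
{
    if (check_struct_fields((const char *const *)fields, fields_len, nfields) != FIELDS_OK)
        return NULL;
    return Mat_VarCreateStruct(name, rank, dims, fields, nfields);
}
#endif

/* Constructed sample inputs. */
static const char *const two_names[] = { "id", "value" };
static const char *const with_hole[] = { "id", NULL, "value" };
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
    printf("matching count : %d\n", check_struct_fields(two_names, LEN(two_names), 2));
    printf("nfields too big: %d\n", check_struct_fields(two_names, LEN(two_names), 3));
    printf("NULL entry     : %d\n", check_struct_fields(with_hole, LEN(with_hole), 3));
    return 0;
}
```

Building with -DHAVE_MATIO and linking against matio enables the wrapper; without it the check compiles and runs on its own.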