CVE-2025-50343
Unknown Unknown - Not Provided
Heap-Based Memory Corruption in Matio 1.5.28 Causes Crashes

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: MITRE

Description
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-50343
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
matio matio 1.5.28
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the matio library's Mat_VarCreateStruct() function when the number of fields (nfields) does not match the actual number of string pointers in the fields array. The function expects exactly nfields valid string pointers, but it does not validate this. If fewer valid pointers are provided, the function reads out-of-bounds memory and later attempts to free invalid or uninitialized pointers during cleanup. This causes heap-based memory corruption or segmentation faults. [2]

Impact Analysis

This vulnerability can lead to denial of service by causing application crashes or heap corruption. If the matio library is used in services that process user-supplied .mat files or user-controlled struct data, an attacker could remotely trigger this flaw, potentially causing remote exploitation or service disruption. [2]

Detection Guidance

This vulnerability can be detected by running tests or code that calls Mat_VarCreateStruct() with a mismatch between the nfields parameter and the actual number of valid strings in the fields array. Using tools like AddressSanitizer to run such test code can reveal segmentation faults or heap corruption due to invalid frees. A minimal reproducer passes a higher nfields value than the number of valid field pointers, triggering the issue. Specific commands would involve compiling and running such test code with AddressSanitizer enabled to detect invalid memory operations. [2]

Mitigation Strategies

Immediate mitigation steps include ensuring that any calls to Mat_VarCreateStruct() strictly validate that the fields array contains exactly nfields valid, non-NULL string pointers before calling the function. Avoid passing mismatched nfields and fields arrays. If possible, update to a patched version of matio that includes validation checks to prevent this heap corruption. Additionally, running matio under memory error detection tools like AddressSanitizer can help identify problematic usage during development or testing. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-50343. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart