Closed gutiniao closed 4 years ago
No need to report fuzzing issues since matio is on OSS-Fuzz with still about 40 open issues.
Instead of v1.5.17, please rerun the test against current master and reopen if the issue is still reproducible.
Yes, I just used 'git clone' to fetch the current master of matio; the issue is still reproducible.
I'm sure the issue is different from the fuzzing issues on OSS-Fuzz.
Should be fixed now.
CVE-2019-20018 has been assigned for this issue.
A crafted input will lead to a crash in mat5.c in matio 1.5.17. Triggered by ./matdump POC
PoC: 003-stackoverflow-ReadNextCell-mat51001
The ASAN information is as follows: