OESA-2022-1947

LAPACK (Linear Algebra PACKage) is a standard library for numerical linear algebra. LAPACK provides routines for solving systems of simultaneous linear equations, least-squares solutions of linear systems of equations, eigenvalue problems, and singular value problems. Associated matrix factorizations (LU, Cholesky, QR, SVD,Schur, and generalized Schur) and related computations (i.e.,reordering of Schur factorizations and estimating condition numbers)are also included. LAPACK can handle dense and banded matrices, but not general sparse matrices. Similar functionality is provided for real and complex matrices in both single and double precision. LAPACK is coded in Fortran90 and built with gcc.

Security Fix(es):

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.(CVE-2021-4048)