Описание
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| hdf5 | unfixed | package |
Примечания
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
Negligible security impact, malicous scientific data has more issues than a crash...
Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
EPSS
Связанные уязвимости
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
Уязвимость функции Decompress() в файле decompress.c. библиотеки HDF5, позволяющая нарушителю вызвать отказ в обслуживании
EPSS