CVE-2022-25972 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 77.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5 Hdf5 Group Libhdf5

Timeline

PublishedAug 22

Latest updateAug 23

Description

An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5hdf5_group/libhdf51.10.4

▶Debianhdfgroup/hdf5< 1.10.10+repack-1+1

▶NVDhdfgroup/hdf51.10.4

▶debiandebian/hdf5< hdf5 1.10.10+repack-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-pg49-p7jf-3q72: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1↗2022-08-23

▶

OSV

CVE-2022-25972: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1↗2022-08-22

▶

📋Vendor Advisories

Red Hat

hdf5: HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability↗2022-08-22

▶

Debian

CVE-2022-25972: hdf5 - An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 ...↗2022

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution↗2022-08-16

▶

Talos

Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution↗2022-08-16

▶