CVE-2022-26061 — Heap-based Buffer Overflow in Hdf5

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 71.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5 Hdf5 Group Libhdf5

Timeline

PublishedAug 22

Latest updateAug 23

Description

A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5hdf5_group/libhdf51.10.4

▶Debianhdfgroup/hdf5< 1.10.10+repack-1+1

▶NVDhdfgroup/hdf51.10.4

▶debiandebian/hdf5< hdf5 1.10.10+repack-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-3qq4-m2c2-vqxm: A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1↗2022-08-23

▶

OSV

CVE-2022-26061: A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1↗2022-08-22

▶

📋Vendor Advisories

Red Hat

hdf5: HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability↗2022-08-16

▶

Debian

CVE-2022-26061: hdf5 - A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of...↗2022

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution↗2022-08-16

▶

Talos

Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution↗2022-08-16

▶