HDF5 file format is used to store large data sets in a data storage format similar to that of an SQL database. The HDF5 file format is defined in a YAML file and consists of a hierarchy of data objects. An object can be created with a script, a programmatic function call, or a .h5 file.
An attacker can provide a malicious .h5 file to trigger this vulnerability. An attacker can also use a crafted .h5 file to trigger this vulnerability.
The vulnerability exists due to incorrect validation of user-input data. An attacker can provide a malicious .h5 file to trigger this vulnerability. An attacker can also use a crafted .h5 file to trigger this vulnerability.
A stack-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
An attacker can also use a crafted file to trigger this vulnerability.
The vulnerability exists due to incorrect validation of user-input data. An attacker can provide a malicious file to trigger this vulnerability. An attacker can also use a crafted file to trigger this vulnerability.A race condition vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. An attacker can provide a malicious file to trigger this vulnerability. An attacker can also use
Vulnerability Scenario
A race condition vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. An attacker can provide a malicious file to trigger this vulnerability. An attacker can also use a crafted file to trigger this vulnerability.
A stack-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
An attacker can also use a crafted file to trigger this vulnerability.
VML file format
The vulnerability exists due to incorrect validation of user-input data. An attacker can provide a malicious file to trigger this vulnerability. An attacker can also use a crafted file to trigger this vulnerability.
A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Timeline
Published on: 08/22/2022 19:15:00 UTC
Last modified on: 08/23/2022 17:11:00 UTC