CVE-2020-10809

Published: 3/22/2020 Last updated: 8/4/2024 Reserved: 3/22/2020

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

hdf5

Products affected (1)

Product	Vendor	Version
n/a	n/a	< da6ef2dffe6056aad3435e6cf7c6471c2a62187c

References (12)

https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt