HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.
The vulnerability results from the use of an uninitialized pointer in the function responsible for decompressing data with the nbit filter. This leads to writing data outside the bounds of the allocated heap area (heap-based buffer overflow, CWE-787). An attacker can provide a specially crafted HDF5 file whose processing by the vulnerable library will trigger a buffer overflow error.
Successful exploitation may allow an attacker to execute arbitrary code (RCE) in the context of the process handling the HDF5 file, as well as violate the confidentiality, integrity, and availability of the system.
The HDF5 library should be updated to version 1.14.4 or later, in which the vulnerability has been fixed by the vendor. Details are available at: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
HDF5 Library in versions up to and including 1.14.3 (Hdfgroup HDF5 through 1.14.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHdfgroup Hdf5
APPHdfgroup< 1.14.4
Related vulnerabilities
Podatność RCE/DoS w bibliotece HDF5 — uszkodzenie pamięci w H5A__close
Stack buffer overflow w HDF5 — RCE lub DoS przez uszkodzenie wskaźnika instrukcji
HDF5: heap buffer overflow w H5HG_read umożliwiający RCE lub DoS
Buffer overflow w HDF5 H5Z__filter_scaleoffset – RCE lub DoS
HDF5 Library: użycie niezainicjowanej wartości w H5A__attr_release_table