diff options
| author | jhendersonHDF <jhenderson@hdfgroup.org> | 2023-04-15 05:13:14 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-15 05:13:14 (GMT) |
| commit | 68f6f16dff0e86afd62793b4da94859b1cdbc4af (patch) | |
| tree | a6f30a82fa181cdafa5b69429266e22980bd76c5 /release_docs | |
| parent | 4dfa4443a15423f6c483b9c1b46c34fa34efc5e1 (diff) | |
| download | hdf5-68f6f16dff0e86afd62793b4da94859b1cdbc4af.zip hdf5-68f6f16dff0e86afd62793b4da94859b1cdbc4af.tar.gz hdf5-68f6f16dff0e86afd62793b4da94859b1cdbc4af.tar.bz2 | |
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_decode (#2679) (#2730)
Diffstat (limited to 'release_docs')
| -rw-r--r-- | release_docs/RELEASE.txt | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index ea34b05..eb63c5a 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -118,6 +118,14 @@ Bug Fixes since HDF5-1.10.10 release =================================== Library ------- + - Fixed potential buffer overrun issues in some object header decode routines + + Several checks were added to H5O__layout_decode and H5O__sdspace_decode to + ensure that memory buffers don't get overrun when decoding buffers read from + a (possibly corrupted) HDF5 file. + + (JTH - 2023/04/05) + - Fixed a heap buffer overflow that occurs when reading from a dataset with a compact layout within a malformed HDF5 file @@ -136,7 +144,7 @@ Bug Fixes since HDF5-1.10.10 release match, opening of the dataset will fail. (JTH - 2023/04/13, GH-2606) - + - Fix for CVE-2019-8396 Malformed HDF5 files may have truncated content which does not match |