summaryrefslogtreecommitdiffstats
path: root/release_docs
diff options
context:
space:
mode:
authorEgbert Eich <eich@suse.com>2022-11-11 05:01:45 (GMT)
committerGitHub <noreply@github.com>2022-11-11 05:01:45 (GMT)
commit99487d9e45c8245a829f18a060fa472d0422edbb (patch)
treeb8dee533715c39c87347a1395f9a13933b4be450 /release_docs
parent5985d0e0b14d7df406ac7818f4b52b6fdbcc9b1b (diff)
downloadhdf5-99487d9e45c8245a829f18a060fa472d0422edbb.zip
hdf5-99487d9e45c8245a829f18a060fa472d0422edbb.tar.gz
hdf5-99487d9e45c8245a829f18a060fa472d0422edbb.tar.bz2
H5IMget_image_info(): Make sure to not exceed local array size (#2227)
Malformed hdf5 files may provide more dimensions than the array dim[] in H5IMget_image_info() is able to hold. Check number of elements first by calling H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments. This will cause the function to return only the number of dimensions. The fix addresse a stack overflow on write. This fixes CVE-2018-17439 / HDFFV-10589 / Bug #2226. Signed-off-by: Egbert Eich <eich@suse.com> Signed-off-by: Egbert Eich <eich@suse.com>
Diffstat (limited to 'release_docs')
-rw-r--r--release_docs/RELEASE.txt14
1 files changed, 12 insertions, 2 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 1b6999d..48fcc3b 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -172,8 +172,18 @@ Bug Fixes since HDF5-1.13.3 release
===================================
Library
-------
- -
-
+
+ - Fix CVE-2018-17439 / GHSA-vcxv-vp43-rch7
+
+ H5IMget_image_info(): Make sure to not exceed local array size
+
+ Malformed hdf5 files may provide more dimensions than the array dim[] in
+ H5IMget_image_info() is able to hold. Check number of elements first by calling
+ H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments.
+ This will cause the function to return only the number of dimensions.
+ The fix addresses a stack overflow on write.
+
+ (EFE - 2022/09/27 HDFFV-10589, GH-2226)
Java Library
------------