-rw-r--r-- release_docs/RELEASE.txt 11
1 files changed, 11 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 47c9730..1b6999d 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -89,6 +89,17 @@ New Features
Library:
--------
+ - Fix for CVE-2019-8396
+
+ Malformed HDF5 files may have truncated content which does not match
+ the expected size. When H5O__pline_decode() attempts to decode these it
+ may read past the end of the allocated space leading to heap overflows
+ as bounds checking is incomplete.
+
+ The fix ensures each element is within bounds before reading.
+
+ (2022/11/09 - HDFFV-10712, CVE-2019-8396, GitHub #2209)
+
- Removal of memory allocation sanity checks feature
This feature added heap canaries and statistics tracking for internal
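Review bot: the new entry sits under the "New Features" heading named in the hunk header (Library subsection), directly above "Removal of memory allocation sanity checks feature", but it documents a fix for CVE-2019-8396 rather than a feature; it would be better placed under a bug-fix heading so that readers scanning the release notes for security fixes find it. The description is also imprecise in two places: it says H5O__pline_decode() "may read past the end of the allocated space", which is an out-of-bounds read, yet names the result "heap overflows", and "ensures each element is within bounds before reading" does not say what the caller sees when a check fails on a truncated file. Suggest stating the failure behaviour in one sentence and using one consistent term for the memory error.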