SB20240312113 - openEuler 22.03 LTS SP1 update for hdf5

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2018-17433)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in ReadGifImageDesc() in gifread.c in the HDF HDF5 when converting a GIF file to an HDF file. A remote attacker can trick the victim into opening a specially crafted HDF5 file and perform a denial of service attack.

2) Out-of-bounds write (CVE-ID: CVE-2018-17436)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the ReadCode() function in decompress.c in the HDF HDF5. A remote attacker can trick the victim into opening specially crafted HDF file, trigger out-of-bounds write, and perform a denial of service attack.

3) Heap-based buffer overflow (CVE-ID: CVE-2020-10809)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the Decompress() function in decompress.c. A remote attacker can exploit the vulnerability by sending a crafted file to the gif2h5 binary, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1989