A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
Created hdf5 tracking bugs for this issue: Affects: epel-all [bug 2172418] Affects: fedora-all [bug 2172417] Affects: openstack-rdo [bug 2172419]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-26061