Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. Reference and upstream commits: https://github.com/hoene/libmysofa/compare/f571522...e07edb3
We have libmysofa 1.1, never had earlier version.