A flaw was found in the HDF HDF5 1.10.2 library. An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c. It could allow a remote denial of service or information disclosure attack. References: https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
Created hdf5 tracking bugs for this issue: Affects: epel-all [bug 1579947] Affects: fedora-all [bug 1579949]
Created attachment 1439603 [details] a plausible fix