An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
Created hdf5 tracking bugs for this issue: Affects: epel-all [bug 2172421] Affects: fedora-all [bug 2172420] Affects: openstack-rdo [bug 2172422]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25972