CVE-2022-25942

Name of the Vulnerable Software and Affected Versions libhdf5 version 1.10.4

Description The issue is related to an out-of-bounds read vulnerability in the gif2h5 functionality of the libhdf5 library. This vulnerability can be exploited by a remote attacker who provides a specially-crafted GIF file, potentially leading to code execution in the target system. The exploitation occurs when a user opens a maliciously created GIF file.

Recommendations For libhdf5 version 1.10.4, consider avoiding the use of the gif2h5 functionality until a patch is available. As a temporary workaround, restrict the opening of GIF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.