PT-2022-4361 · Hdf5+3 · Libhdf5+3

Dave Mcdaniel · Published 2022-08-22 · Updated 2024-09-12 · CVE-2022-25972

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HDF5 Group libhdf5 version 1.10.4

Description

An out-of-bounds write issue exists in the gif2h5 functionality, allowing code execution through a specially crafted GIF file. An attacker can trigger this issue by providing a malicious file, potentially enabling them to execute arbitrary code on the target system.

Recommendations

For version 1.10.4, consider avoiding the use of the gif2h5 functionality until a patch is available. As a temporary workaround, restrict the opening of GIF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-05221
CVE-2022-25972
ECHO-1E97-B296-D554

Affected Products

Astra Linux
Debian
Red Os
Libhdf5