There are 6 open security issues in bullseye.
3 important issues:
- CVE-2019-8396:
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
- CVE-2019-8398:
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
- CVE-2018-11205:
A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
3 issues left for the package maintainer to handle:
- CVE-2022-25942:
(postponed; to be fixed through a stable update)
An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2022-25972:
(postponed; to be fixed through a stable update)
An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2022-26061:
(postponed; to be fixed through a stable update)
A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
You can find information about how to handle these issues in the security team's documentation.