Lucene search

Redhat.comRH:CVE-2022-26061

HistoryFeb 22, 2023 - 5:59 a.m.

CVE-2022-26061

2023-02-2205:59:48

redhat.com

access.redhat.com

cve-2022-26061

heap-based buffer overflow

hdf5 group libhdf5

gif file

code execution

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.5%

JSON

A heap-based buffer overflow vulnerability was found in the gif2h5 functionality of HDF5 Group libhdf5. A specially-crafted GIF file can lead to code execution. This flaw allows an attacker to provide a malicious file to trigger this vulnerability.

References

bugzilla.redhat.com/show_bug.cgi?id=2172354

nvd.nist.gov/vuln/detail/CVE-2022-26061

talosintelligence.com/vulnerability_reports/TALOS-2022-1487

www.cve.org/CVERecord?id=CVE-2022-26061

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for RH:CVE-2022-26061