{"containers": {"cna": {"affected": [{"product": "libhdf5", "vendor": "HDF5 Group", "versions": [{"status": "affected", "version": "1.10.4"}]}], "datePublic": "2022-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-22T18:21:43", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2022-08-16", "ID": "CVE-2022-26061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libhdf5", "version": {"version_data": [{"version_affected": "=", "version_value": "1.10.4"}]}}]}, "vendor_name": "HDF5 Group"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-30T18:29:25.570Z"}, "references": [{"url": "https://github.com/HDFGroup/hdf5/pull/4785"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T14:54:04.111325Z", "id": "CVE-2022-26061", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T14:54:28.919Z"}}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-26061", "datePublished": "2022-08-22T18:21:43.633041Z", "dateReserved": "2022-03-11T00:00:00", "dateUpdated": "2024-09-16T23:35:47.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/HDFGroup/hdf5/pull/4785"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487", "tags": ["x_refsource_MISC", "x_transferred"]}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-30T18:29:25.570Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-26061", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-05T14:54:04.111325Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T14:54:22.845Z"}}], "cna": {"metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "HDF5 Group", "product": "libhdf5", "versions": [{"status": "affected", "version": "1.10.4"}]}], "datePublic": "2022-08-16T00:00:00", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2022-08-22T18:21:43"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.10.4", "version_affected": "="}]}, "product_name": "libhdf5"}]}, "vendor_name": "HDF5 Group"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-26061", "STATE": "PUBLIC", "ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2022-08-16"}}}}, "cveMetadata": {"cveId": "CVE-2022-26061", "state": "PUBLISHED", "dateUpdated": "2024-09-16T23:35:47.966Z", "dateReserved": "2022-03-11T00:00:00", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2022-08-22T18:21:43.633041Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C82BB0E-2A5E-4273-8CF6-A3ED216F95F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funcionalidad gif2h5 de HDF5 Group libhdf5 versi\u00f3n 1.10.4. Un archivo GIF especialmente dise\u00f1ado puede conllevar a una ejecuci\u00f3n de c\u00f3digo. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2022-26061", "lastModified": "2024-11-21T06:53:21.970", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T19:15:09.487", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/HDFGroup/hdf5/pull/4785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "hdf5: HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability", "id": "2172354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172354"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "A heap-based buffer overflow vulnerability was found in the gif2h5 functionality of HDF5 Group libhdf5. A specially-crafted GIF file can lead to code execution. This flaw allows an attacker to provide a malicious file to trigger this vulnerability."], "name": "CVE-2022-26061", "package_state": [{"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "hdf5", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Not affected", "package_name": "hdf5", "product_name": "Red Hat OpenStack Platform 16.1"}], "public_date": "2022-08-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-26061\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26061\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1487"], "threat_severity": "Important"}