HDF5 Heap-Based Buffer Overflow Vulnerability in H5F__accum_free Function

Vulnerability

A heap-based buffer overflow has been identified in the HDF5 library in versions up to and including 1.14.6. The flaw is in the H5F__accum_free function in src/H5Faccum.c, the metadata accumulator code: the overlap_size value used there is not properly validated, so a crafted free request can drive a memory operation past the bounds of the heap buffer it works on. Exploitation is local: the attacker needs to get a crafted HDF5 file processed by an application that links the library.

Impact

A successful trigger corrupts heap memory. The demonstrated outcome is a crash of the process parsing the file (denial of service); depending on the heap layout, the corruption could potentially be leveraged for arbitrary code execution.

Reproduction

Build the HDF5 library from source with Clang and AddressSanitizer enabled (-fsanitize=address). Write a small fuzzer or harness that writes a crafted HDF5 file and then has the library process it, compile it against the instrumented library, and run it on the crafted input. The run crashes; under ASan the crash appears as a heap-buffer-overflow report whose stack trace points at H5F__accum_free, which confirms the overflow rather than an unrelated fault (a plain segmentation fault without ASan is not by itself proof of a heap overflow).
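The following is an added, simplified model of the bug class described above: an accumulator buffer, a free request whose file offsets come from the input, and an overlap size computed from those offsets and fed straight into memmove. It is illustrative code written for this page, not HDF5's H5F__accum_free, and every name in it (accum_t, accum_free_unchecked, accum_free_checked) is hypothetical; which concrete case trips the real function is not stated on this page. The unchecked path shows how an overlap size that is never compared against the cached extent wraps and overruns the heap block; the checked path shows the validation that prevents it. Compile with the ASan flags in the header comment and run the binary to see the report.

```c
/*
 * Hypothetical model of a metadata accumulator and of freeing a range that
 * starts at or before it.  Illustrates the bug class only; NOT HDF5 code.
 *
 * To observe the overflow under AddressSanitizer:
 *   clang -g -fsanitize=address -fno-omit-frame-pointer accum_demo.c -o accum_demo
 *   ./accum_demo      (prints a heap-buffer-overflow report in accum_free_unchecked)
 */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint64_t haddr_t;            /* file address type, as in HDF5 */

typedef struct {
    haddr_t        loc;              /* file address cached in buf */
    size_t         size;             /* bytes of valid data in buf */
    unsigned char *buf;              /* heap allocation of exactly `size` bytes */
} accum_t;

/* Constructed test fixture: an accumulator caching `size` bytes at `loc`, buf[i] = i. */
static accum_t *accum_new(haddr_t loc, size_t size)
{
    accum_t *a = calloc(1, sizeof *a);
    if (!a) return NULL;
    a->buf = malloc(size);
    if (!a->buf) { free(a); return NULL; }
    for (size_t i = 0; i < size; i++) a->buf[i] = (unsigned char)i;
    a->loc  = loc;
    a->size = size;
    return a;
}

static void accum_delete(accum_t *a) { if (a) { free(a->buf); free(a); } }

/*
 * VULNERABLE SHAPE.  Frees [addr, addr+size) assuming it ends strictly inside
 * the accumulator.  overlap_size trusts the caller's offsets: if the range ends
 * before the accumulator, or past its end, overlap_size exceeds a->size,
 * new_size wraps, and memmove reads and writes outside buf.
 */
static int accum_free_unchecked(accum_t *a, haddr_t addr, size_t size)
{
    if (addr > a->loc) return -1;                   /* only the "starts at/before" case is modeled */
    size_t overlap_size = (size_t)((addr + size) - a->loc);
    size_t new_size     = a->size - overlap_size;   /* wraps when overlap_size > a->size */
    memmove(a->buf, a->buf + overlap_size, new_size);   /* heap-buffer-overflow when wrapped */
    a->loc  = addr + size;
    a->size = new_size;
    return 0;
}

/* HARDENED: check the request against the cached extent before touching memory. */
static int accum_free_checked(accum_t *a, haddr_t addr, size_t size)
{
    haddr_t end;
    if (addr > a->loc) return -1;
    if (__builtin_add_overflow(addr, size, &end)) return -1;   /* addr + size overflows */
    if (end <= a->loc) return -1;                   /* no overlap: nothing to trim */
    if (end >= a->loc + a->size) {                  /* whole accumulator freed: reset it */
        a->loc = 0;
        a->size = 0;
        return 0;
    }
    size_t overlap_size = (size_t)(end - a->loc);   /* now 0 < overlap_size < a->size */
    size_t new_size     = a->size - overlap_size;
    memmove(a->buf, a->buf + overlap_size, new_size);
    a->loc  = end;
    a->size = new_size;
    return 0;
}

int main(void)
{
    /* Constructed input: 64-byte accumulator at 0x1000, free request [0x0f00, 0x0f10)
     * that ends BEFORE it.  The hardened path rejects it; the unchecked path computes
     * overlap_size = 0x0f10 - 0x1000 (wraps), new_size = 64 + 0xf0, and memmove
     * copies 304 bytes from 240 bytes before buf into a 64-byte block. */
    accum_t *a = accum_new(0x1000, 64);
    if (!a) return 1;
    int rc = accum_free_checked(a, 0x0f00, 0x10);   /* rc == -1: rejected, buffer untouched */
    (void)rc;
    accum_free_unchecked(a, 0x0f00, 0x10);          /* crashes under ASan */
    accum_delete(a);
    return 0;
}
```

The two functions differ only in the four guards at the top of accum_free_checked; on a well-formed request both produce the same trimmed buffer, which is the property a regression test should pin down alongside the rejection of the malformed ranges.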

Remediation

Version 1.14.6 is the last affected release. Users are advised to update to a release newer than 1.14.6 in which this issue has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          5.4
impact          2.5
exploitability  4.6
remediation     7.7
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.