HDF5
cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*
- <= 1.14.6
A double free vulnerability has been identified in the HDF5 library, affecting versions through 1.14.6. The issue arises in the memory management functions `H5MM_realloc` and `H5MM_xfree`, located in `src/H5MM.c`. It occurs when `H5MM_realloc` is called with a size of zero to release a buffer and the caller's pointer is not subsequently set to NULL; a later call to `H5MM_xfree` on that stale pointer then frees the same block a second time, creating a potential for application crashes.
Exploitation of this vulnerability causes a segmentation fault due to a double free error, which can lead to arbitrary code execution or a denial-of-service condition by crashing the application.
The vulnerability can be reproduced by compiling the HDF5 library with AddressSanitizer enabled, using Clang as the compiler. After building the library, a fuzzer can be created and executed to trigger the double free condition. The fuzzer should write data to a temporary file, which is then opened with the HDF5 library. This process can be automated using a script that includes the necessary steps to compile the fuzzer, run it, and handle the generated data file.
Users are advised to update to HDF5 version 1.14.6 or later, where this vulnerability has been addressed.
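The mechanism described above (a size-zero realloc that releases the buffer, a stale pointer left behind, and a later xfree on that pointer) is easiest to reason about with a small, self-contained illustration. The following is an added example and is not HDF5's own code: `tr_malloc`, `tr_realloc`, `tr_free` and `tr_xfree` are hypothetical wrappers, and the `live` table is a constructed stand-in for the allocation tracking that AddressSanitizer performs, so the second free is reported rather than executed. `release_buggy` shows the discarded-result pattern, `release_fixed` shows the repaired one.

```c
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed tracker: records which blocks are currently allocated so a
 * second free of the same address can be detected without undefined
 * behaviour. A real build would rely on AddressSanitizer for this. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];

static int find_live(void *p)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p)
            return i;
    return -1;
}

/* Hypothetical malloc wrapper: allocates and registers the block. */
void *tr_malloc(size_t n)
{
    int slot = find_live(NULL);          /* first empty slot */
    void *p = malloc(n ? n : 1);
    if (p == NULL || slot < 0) {
        free(p);
        return NULL;
    }
    live[slot] = p;
    return p;
}

/* Hypothetical free wrapper. Returns 1 if a live block was released,
 * 0 for NULL (a no-op), and -1 if the pointer is not live, i.e. a
 * double free was attempted. The stale block is never passed to free(). */
int tr_free(void *p)
{
    if (p == NULL)
        return 0;
    int i = find_live(p);
    if (i < 0)
        return -1;
    live[i] = NULL;
    free(p);
    return 1;
}

/* Hypothetical realloc wrapper: a size of zero releases the block and
 * returns NULL. The caller must store that result; keeping the old
 * pointer leaves a dangling reference to freed memory. */
void *tr_realloc(void *p, size_t n)
{
    if (n == 0) {
        tr_free(p);
        return NULL;
    }
    if (p == NULL)
        return tr_malloc(n);
    int i = find_live(p);
    if (i < 0)
        return NULL;                     /* refuse to grow an untracked pointer */
    void *q = realloc(p, n);
    if (q == NULL)
        return NULL;                     /* original block still live */
    live[i] = q;
    return q;
}

/* Free through a pointer-to-pointer and null the caller's variable, so a
 * repeated call degrades to the harmless NULL case. Same return codes
 * as tr_free. */
int tr_xfree(void **pp)
{
    if (pp == NULL)
        return 0;
    int rc = tr_free(*pp);
    *pp = NULL;
    return rc;
}

/* Buggy release pattern: the size-zero realloc result is discarded, so
 * `buf` still holds the freed address when it reaches tr_xfree.
 * Returns -1 (double free detected), or -2 if allocation failed. */
int release_buggy(void)
{
    void *buf = tr_malloc(64);
    if (buf == NULL)
        return -2;
    (void)tr_realloc(buf, 0);            /* block freed, buf left stale */
    return tr_xfree(&buf);               /* second free of the same block */
}

/* Fixed pattern: the realloc result is stored, buf becomes NULL, and
 * tr_xfree sees nothing to release. Returns 0. */
int release_fixed(void)
{
    void *buf = tr_malloc(64);
    if (buf == NULL)
        return -2;
    buf = tr_realloc(buf, 0);
    return tr_xfree(&buf);
}

/* Freeing twice through tr_xfree is safe: 1 for the first call, 0 for
 * the second, so the sum is 1. */
int xfree_twice(void)
{
    void *buf = tr_malloc(32);
    if (buf == NULL)
        return -2;
    return tr_xfree(&buf) + tr_xfree(&buf);
}

int main(void)
{
    printf("buggy=%d fixed=%d twice=%d\n",
           release_buggy(), release_fixed(), xfree_twice());
    return 0;
}
```

The point the tracker makes explicit is that the defect is not in either wrapper alone but in the contract between them: once a size-zero realloc is allowed to free, every caller must overwrite its pointer with the result, and an xfree that nulls through a double pointer closes the gap even when a caller forgets.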