mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

hdf5: patch CVE-2025-2913

Browse Source 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2913

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
Ankur Tyagi
2025-10-29 00:32:41 +13:00
committed by Anuj Mittal
parent 3e72a5f33c
commit b42e6eb3e5
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/hdf5/files/CVE-2025-2913.patch
+32
View File
@@ -0,0 +1,32 @@
From 538a14fc5a1ed393495029d5054d934bc09844ee Mon Sep 17 00:00:00 2001
From: bmribler <39579120+bmribler@users.noreply.github.com>
Date: Tue, 5 Aug 2025 09:12:33 -0400
Subject: [PATCH] Fix reading bad size in the raw header continuation message
(#5710)
This issue was reported in GH-5376 as a heap-use-after-free vulnerability in
one of the free lists. It appeared that the library came to this vulnerability
after it encountered an undetected reading of a bad value. The fuzzer now failed
with an appropriate error message.
CVE: CVE-2025-2913
Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a09c892bc97ac32d9515c3777ce07]
(cherry picked from commit 7cc8b5e1010a09c892bc97ac32d9515c3777ce07)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
src/H5Ocont.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/H5Ocont.c b/src/H5Ocont.c
index 621095a198..c03f4dd1e9 100644
--- a/src/H5Ocont.c
+++ b/src/H5Ocont.c
@@ -100,6 +100,8 @@ H5O__cont_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSE
if (H5_IS_BUFFER_OVERFLOW(p, H5F_sizeof_size(f), p_end))
HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
H5F_DECODE_LENGTH(f, p, cont->size);
+ if (cont->size == 0)
+ HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "invalid continuation chunk size (0)");
cont->chunkno = 0;
meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
+1
View File
@@ -15,6 +15,7 @@ SRC_URI = " \
https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.14/hdf5-1.14.4/src/${BPN}-${PV}.tar.gz \
file://0002-Remove-suffix-shared-from-shared-library-name.patch \
file://0001-cmake-remove-build-flags.patch \
file://CVE-2025-2913.patch \
"
SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03"