CVE-2022-25942: 
NixOS vulnerability analysis and mitigation

An out-of-bounds read vulnerability (CVE-2022-25942) exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. The vulnerability was discovered by Dave McDaniel of Cisco Talos and publicly disclosed on August 16, 2022. The issue affects the conversion process from GIF files to HDF5 format, which is commonly used to store large amounts of scientific data in industries such as GIS (Talos Report).

The vulnerability exists in the ReadGifHeader() function while attempting to convert GIF files to HDF5 format. The issue stems from a failure to check the file size against the Global Palette Size specified in the GIF file. This leads to repeated data filling the gifHead->HDFPalette and returning a pointer that points past the palette data in the destination structure instead of pointing to the GIF data from the original file. The vulnerability has been assigned a CVSSv3 score of 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as CWE-125 (Out-of-bounds Read) (Talos Report).

The vulnerability can lead to code execution when exploited successfully. The out-of-bounds read can result in heap corruption when parsing remaining data as image data, particularly when attempting to reallocate image memory due to misidentified multiple images (Talos Report).

Starting with version 1.10.10+repack-1, gif2h5 and h52gif tools are no longer installed as a mitigation measure (Debian Tracker).