CVE-2019-20016
Description
libmysofa before 2019-11-24 lacks recursion depth limits, allowing crafted HDF files to cause stack exhaustion via recursive calls in dataobject.c and fractalhead.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
libmysofa before 2019-11-24 lacks recursion depth limits, allowing crafted HDF files to cause stack exhaustion via recursive calls in dataobject.c and fractalhead.c.
Vulnerability
libmysofa before the 2019-11-24 commit lacks a recursion depth limit in the HDF parsing routines. Specifically, the functions readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c can call themselves recursively without bound when processing a crafted HDF file [1][2]. This leads to stack exhaustion. The issue affects all versions prior to the fix, including v0.8.
Exploitation
An attacker can trigger the vulnerability by supplying a malicious HDF file to any application that uses libmysofa to parse it, such as the mysofa2json utility. No authentication or special privileges are required; the file is simply opened and parsed. The recursive calls cause the stack to grow until a segmentation fault occurs, as demonstrated by AddressSanitizer stack-overflow reports [1][2].
Impact
Successful exploitation results in a denial-of-service condition: the application crashes due to stack overflow. There is no evidence in the available references of arbitrary code execution or information disclosure; the impact is limited to availability.
Mitigation
The fix was introduced in commit 2e6fac6 [3], which adds a recursive_counter field to the READER structure and limits recursion to 10 levels. According to the CVE description, a download of version 0.9 after 2019-12-06 should fully remediate the issue. Users should update to the latest version. No workaround is documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- libmysofa/libmysofadescription
- osv-coords2 versionspkg:rpm/opensuse/libmysofa&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/libmysofa&distro=SUSE%20Package%20Hub%2015%20SP2
< 0.9.1-lp152.3.3.1+ 1 more
- (no CPE)range: < 0.9.1-lp152.3.3.1
- (no CPE)range: < 0.9.1-bp152.4.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The library does not properly restrict recursive function calls, leading to stack consumption."
Attack vector
An attacker can trigger a stack overflow by providing a crafted input file to the `mysofa2json` utility. This crafted input causes deep recursion in functions like `directblockRead` and `readOHDRHeaderMessageDatatype`, consuming all available stack space and leading to a crash [ref_id=1, ref_id=2].
Affected code
The vulnerability is present in the `directblockRead` function within `fractalhead.c` and the `readOHDRHeaderMessageDatatype` function within `dataobject.c`. These functions can lead to deep recursive calls when processing malformed input files [ref_id=1, ref_id=2].
What the fix does
The patch introduces a recursive counter within the `reader` structure. Before entering a recursive call in `directblockRead`, the counter is checked and incremented. If the counter exceeds a limit (10), the function returns an error, preventing excessive recursion and stack overflow [ref_id=3]. The counter is decremented upon exiting the function to correctly track recursion depth.
Preconditions
- inputA crafted input file that triggers deep recursion.
Reproduction
POC overflow-libmysofa1 ./mysofa2json POC overflow-libmysofa2 ./mysofa2json POC
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6fmitrex_refsource_MISC
- github.com/hoene/libmysofa/issues/83mitrex_refsource_MISC
- github.com/hoene/libmysofa/issues/84mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.