VYPR
Unrated severity · NVD Advisory · Published Jan 13, 2020 · Updated Aug 4, 2024

CVE-2020-6860

Description

libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar that can be triggered by a crafted HDF file, potentially leading to code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

libmysofa version 0.9.1 contains a stack-based buffer overflow in the readDataVar function within hdf/dataobject.c. The vulnerability occurs during the parsing of a header message attribute when processing a crafted HDF file. The overflow is triggered by an unbounded sprintf call that writes data into a fixed-size stack buffer, as demonstrated by AddressSanitizer output showing a write of size 20 beyond the buffer boundary [1].

Exploitation

An attacker can exploit this vulnerability by supplying a specially crafted HDF file to the mysofa2json utility or any application that uses the libmysofa library to parse HDF files. No authentication or special privileges are required; the attacker only needs to convince a user or automated process to open the malicious file. The overflow occurs during the normal parsing flow, specifically in readDataVar at line 555 of dataobject.c, when processing attribute data [1].

Impact

Successful exploitation of the stack-based buffer overflow can lead to memory corruption, potentially allowing an attacker to execute arbitrary code in the context of the affected process. The AddressSanitizer trace confirms a stack buffer overflow, which could be leveraged for control-flow hijacking or denial of service [1].

Mitigation

As of the available references, no official patch or fixed version has been disclosed for CVE-2020-6860. Users are advised to monitor the libmysofa repository for updates and consider limiting the processing of untrusted HDF files until a fix is released [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

No patches discovered yet.

Vulnerability mechanics

Root cause

"Unbounded sprintf call in readDataVar writes into a fixed-size stack buffer, causing a stack-based buffer overflow."

Attack vector

An attacker supplies a crafted HDF/SOFA file whose header message attribute contains a numeric value that, when formatted by `sprintf` into the 16-byte stack buffer `number`, overflows adjacent stack memory. The overflow is triggered during parsing of the file by `mysofa2json` (or any tool using `mysofa_load`). No authentication or special privileges are required — the victim need only open the malicious file.

Affected code

The vulnerability resides in `readDataVar` in `hdf/dataobject.c` at line 555, where `sprintf` writes into a stack buffer (`number`) of only 16 bytes (offset 32–48) without bounds checking. The call chain is `readOHDRHeaderMessageAttribute` → `readData` → `readDataDim` → `readDataVar`.

What the fix does

The advisory does not include a patch diff. The recommended fix is to replace the unbounded `sprintf` call in `readDataVar` with a bounded alternative such as `snprintf`, or to increase the size of the `number` buffer and validate the length of the formatted string before writing. Without a patch, the vulnerability remains exploitable in libmysofa 0.9.1.
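The bounded-write fix recommended above, as an added C example (not libmysofa's code and not taken from the advisory). The names `format_number` and `guard_intact_after`, the `PRIu64` format and the `uint64_t` value type are assumptions; the page gives only the buffer name `number` and its 16-byte size.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUMBER_LEN 16 /* size of the stack buffer `number` named on the page */

/* Pattern described in the advisory (comment only, not compiled):
 *     char number[16];
 *     sprintf(number, FMT, value);   no bound, long output runs past number[]
 * FMT and the value type used below are assumptions, not libmysofa's. */

/* Hardened form: bounded write plus an explicit truncation check.
 * Returns the formatted length, or -1 if the text does not fit. */
static int format_number(char *dst, size_t dstlen, uint64_t value)
{
    int n = snprintf(dst, dstlen, "%" PRIu64, value);
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0'; /* never hand truncated text to the caller */
        return -1;
    }
    return n;
}

/* Guard bytes placed directly after the buffer stand in for adjacent
 * stack memory; returns 1 if they are untouched after formatting. */
struct probe { char number[NUMBER_LEN]; unsigned char guard[8]; };

static int guard_intact_after(uint64_t value, int *rc)
{
    struct probe p;
    memset(p.guard, 0xA5, sizeof p.guard);
    *rc = format_number(p.number, sizeof p.number, value);
    for (size_t i = 0; i < sizeof p.guard; i++)
        if (p.guard[i] != 0xA5)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample values: 2, 15 and 20 decimal digits. */
    uint64_t samples[] = { 42, 999999999999999ULL, UINT64_MAX };
    for (size_t i = 0; i < 3; i++) {
        int rc, ok = guard_intact_after(samples[i], &rc);
        printf("%20" PRIu64 " rc=%d guard_intact=%d\n", samples[i], rc, ok);
    }
    return 0;
}
```

Rejecting on truncation rather than silently accepting a shortened string matters in a parser: a clipped value would otherwise flow into later attribute handling as if it were valid.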

Preconditions

  • input: The victim must open a crafted HDF/SOFA file using libmysofa (e.g., via mysofa2json).
  • auth: No authentication or network access required; the attack is file-based.

Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
