CVE-2017-17509

Name of the Vulnerable Software and Affected Versions HDF5 version 1.10.1

Description The issue is related to an out of bounds write vulnerability in the function H5G ent decode vec in H5Gcache.c within libhdf5.a. This could cause h5dump to crash or have an unspecified impact when opening a crafted hdf5 file.

Recommendations For HDF5 version 1.10.1, consider avoiding the use of the H5G ent decode vec function until a patch is available. As a temporary workaround, restrict the opening of potentially crafted hdf5 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.