CVE-2018-17435

Name of the Vulnerable Software and Affected Versions HDF5 versions 1.10.3 and earlier

Description A heap-based buffer over-read issue in the H5O attr decode() function in H5Oattr.c allows attackers to cause a denial of service via a crafted HDF5 file. This issue can be triggered by converting an HDF file to a GIF file. The vulnerability is caused by a buffer over-read operation in memory, which can be exploited by a remote attacker using a specially formed HDF5 file to cause a denial of service.

Recommendations For HDF5 versions 1.10.3 and earlier, consider disabling the H5O attr decode() function until a patch is available to prevent potential denial of service attacks. Restrict access to crafted HDF5 files to minimize the risk of exploitation. Avoid using the H5O attr decode() function when converting HDF files to other formats, such as GIF, until the issue is resolved.