PT-2017-14817 · Hdf+2 · Hdf5+2

Published

2017-12-11

Updated

2025-03-18

CVE-2017-17506

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HDF5 version 1.10.1

Description The issue is related to an out of bounds read in the H5Opline pline decode function in H5Opline.c within libhdf5.a. This can cause a crash, for example, when using h5dump to open a crafted HDF5 file.

Recommendations For HDF5 version 1.10.1, consider restricting access to the H5Opline pline decode function until a patch is available. As a temporary workaround, avoid using h5dump with untrusted HDF5 files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2017-17506

SUSE-SU-2022:1903-1

SUSE-SU-2022:1910-1

SUSE-SU-2022:1911-1

SUSE-SU-2022:1933-1

USN-4817-1

Affected Products

Hdf5

Suse

Ubuntu

PT-2017-14817 · Hdf+2 · Hdf5+2

CVE-2017-17506

Weakness Enumeration

Related Identifiers

Affected Products

References · 96