CVE-2017-17507

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HDF5 version 1.10.1

Description The issue is related to an out of bounds read vulnerability in the H5T conv struct opt function in H5Tconv.c within libhdf5.a. This could cause a crash, for example, when using h5dump to open a crafted hdf5 file.

Recommendations For HDF5 version 1.10.1, consider restricting the use of the H5T conv struct opt function until a patch is available. As a temporary workaround, avoid using h5dump with untrusted or potentially manipulated hdf5 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2017-17507

ECHO-4D26-1D56-4C79

OPENSUSE-SU-2024_2195-1

OPENSUSE-SU-2024_3144-1

SUSE-SU-2024:2105-1

SUSE-SU-2024:2195-1

SUSE-SU-2024:3144-1

SUSE-SU-2024_2105-1

SUSE-SU-2024_2195-1

Affected Products

Debian

Hdf5

Suse

CVE-2017-17507

Weakness Enumeration

Related Identifiers

Affected Products

References · 99