PT-2018-14027 · Hdf+2 · Hdf5+2

Published

2018-09-24

Updated

2023-12-29

CVE-2018-17436

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HDF5 library versions prior to 1.10.4

Description The issue allows attackers to cause a denial of service via a crafted HDF5 file, specifically through the ReadCode() function in decompress.c. This was discovered when converting a GIF file to an HDF file, resulting in invalid write access.

Recommendations For versions prior to 1.10.4, update to version 1.10.4 or later to resolve the issue.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2018-17436

ECHO-E8C4-F7E3-A4FC

OESA-2023-1985

OESA-2023-1986

OESA-2023-1987

OESA-2023-1988

OESA-2023-1989

OPENSUSE-SU-2022_1912-1

SUSE-SU-2022:1903-1

SUSE-SU-2022:1910-1

SUSE-SU-2022:1911-1

SUSE-SU-2022:1912-1

SUSE-SU-2022:1933-1

Affected Products

Debian

Hdf5

Suse

PT-2018-14027 · Hdf+2 · Hdf5+2

CVE-2018-17436

Weakness Enumeration

Related Identifiers

Affected Products

References · 143