PT-2018-1922 · Hdf+2 · Hdf5+2

Published

2018-09-24

Updated

2022-06-03

CVE-2018-17435

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HDF5 versions 1.10.3 and earlier

Description A heap-based buffer over-read issue in the H5O attr decode() function in H5Oattr.c allows attackers to cause a denial of service via a crafted HDF5 file. This issue can be triggered by converting an HDF file to a GIF file. The vulnerability is caused by a buffer over-read operation in memory, which can be exploited by a remote attacker using a specially formed HDF5 file to cause a denial of service.

Recommendations For HDF5 versions 1.10.3 and earlier, consider disabling the H5O attr decode() function until a patch is available to prevent potential denial of service attacks. Restrict access to crafted HDF5 files to minimize the risk of exploitation. Avoid using the H5O attr decode() function when converting HDF files to other formats, such as GIF, until the issue is resolved.

Exploit

Fix

DoS

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

BDU:2018-01529

CVE-2018-17435

SUSE-SU-2022:1903-1

SUSE-SU-2022:1910-1

SUSE-SU-2022:1911-1

SUSE-SU-2022:1933-1

Affected Products

Debian

Hdf5

Suse

PT-2018-1922 · Hdf+2 · Hdf5+2

CVE-2018-17435

Weakness Enumeration

Related Identifiers

Affected Products

References · 94