PT-2018-1924 · Hdf+2 · Hdf5+2

Published: 2018-09-24 · Updated: 2023-12-29 · CVE-2018-17433

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: HDF5 versions through 1.10.3

Description: The issue is caused by a heap-based buffer overflow in the ReadGifImageDesc() function, located in gifread.c, which allows remote attackers to cause a denial of service via a specially crafted HDF5 file. This problem occurs when converting a GIF file to an HDF file.

Recommendations: For versions through 1.10.3, as a temporary workaround, consider disabling the ReadGifImageDesc() function until a patch is available. Restrict access to the gifread.c module to minimize the risk of exploitation. Avoid using specially crafted HDF5 files in the affected library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
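Added example, not code from HDF5's gifread.c: a bounds-checked reader for the GIF Image Descriptor block, the structure that a function named ReadGifImageDesc() is responsible for parsing, showing the remaining-length and geometry checks that keep a crafted GIF from driving reads or writes past a heap buffer. The struct, function names and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* GIF Image Descriptor: 0x2C separator, left/top/width/height as
 * little-endian u16, then one packed flags byte (10 bytes total). */
typedef struct {
    uint16_t left, top, width, height;
    uint8_t packed;
} GifImageDesc;

/* Parse the descriptor at buf[*pos]. Returns 1 on success, 0 if the block is
 * truncated, mistyped, or describes an image outside the logical screen
 * (screen_w x screen_h from the GIF header) that a canvas buffer was sized for. */
int read_gif_image_desc(const uint8_t *buf, size_t len, size_t *pos,
                        uint16_t screen_w, uint16_t screen_h, GifImageDesc *out)
{
    const size_t need = 10;
    /* Length check before any byte is touched: refuse rather than over-read. */
    if (buf == NULL || out == NULL || *pos > len || len - *pos < need)
        return 0;
    const uint8_t *p = buf + *pos;
    if (p[0] != 0x2C)               /* not an image descriptor block */
        return 0;
    out->left   = (uint16_t)(p[1] | (p[2] << 8));
    out->top    = (uint16_t)(p[3] | (p[4] << 8));
    out->width  = (uint16_t)(p[5] | (p[6] << 8));
    out->height = (uint16_t)(p[7] | (p[8] << 8));
    out->packed = p[9];
    if (out->width == 0 || out->height == 0)
        return 0;
    /* Geometry check in 32-bit arithmetic so the sum itself cannot wrap;
     * an image that extends past the screen would overflow the canvas. */
    if ((uint32_t)out->left + out->width > screen_w ||
        (uint32_t)out->top + out->height > screen_h)
        return 0;
    *pos += need;
    return 1;
}

/* Constructed sample: image at (2,3), 4x5 pixels, no local colour table. */
const uint8_t sample_desc[10] = {0x2C, 2, 0, 3, 0, 4, 0, 5, 0, 0x00};

int main(void)
{
    GifImageDesc d;
    size_t pos = 0;
    int ok = read_gif_image_desc(sample_desc, sizeof sample_desc, &pos, 10, 10, &d);
    printf("ok=%d left=%u top=%u %ux%u\n", ok, d.left, d.top, d.width, d.height);
    pos = 0;  /* same bytes against a 5-pixel-wide screen: rejected */
    printf("fits 5x10: %d\n", read_gif_image_desc(sample_desc, 10, &pos, 5, 10, &d));
    return 0;
}
```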

Exploit

DoS

Memory Corruption

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2018-01531
CVE-2018-17433
ECHO-53E1-A53D-D5B1
OESA-2023-1985
OESA-2023-1986
OESA-2023-1987
OESA-2023-1988
OESA-2023-1989
OPENSUSE-SU-2022_1912-1
SUSE-SU-2022:1903-1
SUSE-SU-2022:1910-1
SUSE-SU-2022:1911-1
SUSE-SU-2022:1912-1
SUSE-SU-2022:1933-1

Affected Products

Debian
Hdf5
Suse