CVE-2024-29165

CVSS v3.1

7.4

High

Vector

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HDF5 versions prior to 1.14.4

Description The issue is related to a buffer overflow in the H5Z filter fletcher32() function of the HDF5 library, which can lead to corruption of the instruction pointer. This can cause denial of service or potentially allow for code execution, impacting the confidentiality, integrity, and availability of protected information.

Recommendations For HDF5 versions prior to 1.14.4, update to version 1.14.4 or later to resolve the issue. As a temporary workaround, consider disabling the H5Z filter fletcher32() function until a patch is available.

Fix

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

AZL-40625

AZL-40676

BDU:2024-07145

CVE-2024-29165

ECHO-C1CF-0127-4E4E

OESA-2024-2337

OESA-2024-2338

OESA-2024-2339

OESA-2024-2340

RHSA-2025:3801

Affected Products

Debian

Hdf5

Red Os

CVE-2024-29165

Weakness Enumeration

Related Identifiers

Affected Products

References · 57