CVE-2024-33874

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HDF5 Library versions prior to 1.14.4

Description The issue is related to a heap buffer overflow in the H5O mtime new encode() function in the H5Omtime.c file of the HDF5 library. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For HDF5 Library versions prior to 1.14.4, update to version 1.14.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the H5O mtime new encode() function until a patch is available.

Exploit

Fix

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-120

Related Identifiers

AZL-40583

AZL-40592

BDU:2024-07122

CVE-2024-33874

ECHO-4A56-E280-E16C

OESA-2024-2337

OESA-2024-2338

OESA-2024-2339

OESA-2024-2340

OPENSUSE-SU-2024_2195-1

OPENSUSE-SU-2024_3144-1

RHSA-2025:3801

SUSE-SU-2024:2105-1

SUSE-SU-2024:2195-1

SUSE-SU-2024:3144-1

Affected Products

Astra Linux

Debian

Hdf5 Library

Red Os

Suse

CVE-2024-33874

Weakness Enumeration

Related Identifiers

Affected Products

References · 92