CVE-2024-32623

Name of the Vulnerable Software and Affected Versions HDF5 Library versions through 1.14.3

Description The issue is related to a heap-based buffer overflow in the H5VM array fill() function in the H5VM.c file of the HDF5 Library. This overflow can be triggered when the H5S select elements function in H5Spoint.c calls H5VM array fill(). Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information, potentially leading to a denial of service.

Recommendations For HDF5 Library versions through 1.14.3, as a temporary workaround, consider disabling the H5VM array fill() function until a patch is available. Restrict access to the H5VM.c file and related functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.