rpm package
suse/hdf5_1_10_11-gnu-hpc&distro=SUSE Linux Enterprise Module for HPC 12
pkg:rpm/suse/hdf5_1_10_11-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012
Vulnerabilities (18)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32608 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | Oct 9, 2024 | HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | ||
| CVE-2024-33875 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. | ||
| CVE-2024-33874 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. | ||
| CVE-2024-33873 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. | ||
| CVE-2024-32620 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer. | ||
| CVE-2024-32619 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. | ||
| CVE-2024-32614 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. | ||
| CVE-2024-32610 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. | ||
| CVE-2024-29166 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | ||
| CVE-2024-29161 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | ||
| CVE-2024-29158 | — | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 9, 2024 | HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | ||
| CVE-2021-37501 | — | < 1.10.11-3.21.1 | 1.10.11-3.21.1 | Feb 3, 2023 | Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. | ||
| CVE-2020-10812 | — | < 1.10.11-3.21.1 | 1.10.11-3.21.1 | Mar 22, 2020 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. | ||
| CVE-2019-8396 | — | < 1.10.11-3.21.1 | 1.10.11-3.21.1 | Feb 17, 2019 | A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." | ||
| CVE-2018-11205 | Hig | 8.1 | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | May 16, 2018 | A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. | |
| CVE-2018-11202 | Med | 6.5 | < 1.10.11-3.21.1 | 1.10.11-3.21.1 | May 16, 2018 | A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. | |
| CVE-2017-17507 | Med | 6.5 | < 1.10.11-3.24.1 | 1.10.11-3.24.1 | Dec 11, 2017 | In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |
| CVE-2016-4332 | Hig | 8.6 | < 1.10.11-3.21.1 | 1.10.11-3.21.1 | Nov 18, 2016 | The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the |
- CVE-2024-32608Oct 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-33875May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.
- CVE-2024-33874May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.
- CVE-2024-33873May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.
- CVE-2024-32620May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.
- CVE-2024-32619May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.
- CVE-2024-32614May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.
- CVE-2024-32610May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.
- CVE-2024-29166May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29161May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29158May 9, 2024affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2021-37501Feb 3, 2023affected < 1.10.11-3.21.1fixed 1.10.11-3.21.1
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
- CVE-2020-10812Mar 22, 2020affected < 1.10.11-3.21.1fixed 1.10.11-3.21.1
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.
- CVE-2019-8396Feb 17, 2019affected < 1.10.11-3.21.1fixed 1.10.11-3.21.1
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
- affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
- affected < 1.10.11-3.21.1fixed 1.10.11-3.21.1
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
- affected < 1.10.11-3.24.1fixed 1.10.11-3.24.1
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
- affected < 1.10.11-3.21.1fixed 1.10.11-3.21.1
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the