rpm package

suse/hdf5_1_10_11-gnu-hpc&distro=SUSE Linux Enterprise Module for HPC 15 SP5

pkg:rpm/suse/hdf5_1_10_11-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP5

Vulnerabilities (18)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-32608		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	Oct 9, 2024	HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-33875		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.
CVE-2024-33874		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.
CVE-2024-33873		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.
CVE-2024-32620		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.
CVE-2024-32619		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.
CVE-2024-32614		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.
CVE-2024-32610		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.
CVE-2024-29166		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29161		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29158		—	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 9, 2024	HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2021-37501		—	< 1.10.11-150400.3.12.1	1.10.11-150400.3.12.1	Feb 3, 2023	Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
CVE-2020-10812		—	< 1.10.11-150400.3.12.1	1.10.11-150400.3.12.1	Mar 22, 2020	An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.
CVE-2019-8396		—	< 1.10.11-150400.3.12.1	1.10.11-150400.3.12.1	Feb 17, 2019	A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2018-11205	Hig	8.1	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	May 16, 2018	A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11202	Med	6.5	< 1.10.11-150400.3.12.1	1.10.11-150400.3.12.1	May 16, 2018	A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2017-17507	Med	6.5	< 1.10.11-150400.3.17.1	1.10.11-150400.3.17.1	Dec 11, 2017	In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2016-4332	Hig	8.6	< 1.10.11-150400.3.12.1	1.10.11-150400.3.12.1	Nov 18, 2016	The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the

CVE-2024-32608Oct 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-33875May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.
CVE-2024-33874May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.
CVE-2024-33873May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.
CVE-2024-32620May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.
CVE-2024-32619May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.
CVE-2024-32614May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.
CVE-2024-32610May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.
CVE-2024-29166May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29161May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29158May 9, 2024
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2021-37501Feb 3, 2023
affected < 1.10.11-150400.3.12.1fixed 1.10.11-150400.3.12.1
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
CVE-2020-10812Mar 22, 2020
affected < 1.10.11-150400.3.12.1fixed 1.10.11-150400.3.12.1
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.
CVE-2019-8396Feb 17, 2019
affected < 1.10.11-150400.3.12.1fixed 1.10.11-150400.3.12.1
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2018-11205HigMay 16, 2018
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11202MedMay 16, 2018
affected < 1.10.11-150400.3.12.1fixed 1.10.11-150400.3.12.1
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2017-17507MedDec 11, 2017
affected < 1.10.11-150400.3.17.1fixed 1.10.11-150400.3.17.1
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2016-4332HigNov 18, 2016
affected < 1.10.11-150400.3.12.1fixed 1.10.11-150400.3.12.1
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the