VYPR

HDF5

by The HDF Group

CVEs (19)

  • CVE-2024-32608CriOct 9, 2024
    risk 0.64cvss 9.8epss 0.01

    HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

  • CVE-2024-33874CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.

  • CVE-2024-32621CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.

  • CVE-2024-32611CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.

  • CVE-2024-33877HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.

  • CVE-2024-33873HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.

  • CVE-2024-32623HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).

  • CVE-2024-32617HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).

  • CVE-2024-32605HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).

  • CVE-2024-29161HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

  • CVE-2024-32609HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.

  • CVE-2024-32624HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.01

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.

  • CVE-2024-32620HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.

  • CVE-2024-32619HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.

  • CVE-2024-32618HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.

  • CVE-2024-32613HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.

  • CVE-2024-33875MedMay 14, 2024
    risk 0.37cvss 5.7epss 0.00

    HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.

  • CVE-2024-32610MedMay 14, 2024
    risk 0.37cvss 5.7epss 0.00

    HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.

  • CVE-2024-32607MedMay 14, 2024
    risk 0.37cvss 5.7epss 0.00

    HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.