LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4330
CVE STATUS: Patched
CVE SUMMARY: In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4330

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4331
CVE STATUS: Patched
CVE SUMMARY: When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4331

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4332
CVE STATUS: Patched
CVE SUMMARY: The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4332

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4333
CVE STATUS: Patched
CVE SUMMARY: The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4333

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17505
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17505

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17506
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17506

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17507
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17507

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17508
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17508

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17509
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17509

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11202
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11202

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11203
CVE STATUS: Patched
CVE SUMMARY: A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11203

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11204
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11204

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11205
CVE STATUS: Patched
CVE SUMMARY: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11205

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11206
CVE STATUS: Patched
CVE SUMMARY: An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11206

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11207
CVE STATUS: Patched
CVE SUMMARY: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11207

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13866
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13866

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13867
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13867

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13868
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13868

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13869
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13869

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13870
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13870

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13871
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13871

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13872
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13872

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13873
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13873

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13874
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13874

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13875
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13875

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13876
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13876

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14031
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14031

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14033
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14033

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14034
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14034

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14035
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14035

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14460
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14460

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-15671
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15671

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-16438
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16438

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17233
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17233

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17234
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17234

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17237
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17237

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17432
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17432

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17433
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17433

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17434
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17434

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17435
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17435

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17436
CVE STATUS: Patched
CVE SUMMARY: ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17436

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17437
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17437

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17438
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17438

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17439
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17439

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-8396
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8396

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-8397
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8397

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-8398
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8398

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-9151
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9151

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-9152
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9152

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10809
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10809

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10810
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10810

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10811
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10811

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10812
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10812

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-18232
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18232

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-18494
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18494

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-37501
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37501

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45829
CVE STATUS: Patched
CVE SUMMARY: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45829

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45830
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45830

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45832
CVE STATUS: Patched
CVE SUMMARY: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45832

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45833
CVE STATUS: Patched
CVE SUMMARY: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45833

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-46242
CVE STATUS: Patched
CVE SUMMARY: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46242

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-46243
CVE STATUS: Patched
CVE SUMMARY: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46243

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-46244
CVE STATUS: Patched
CVE SUMMARY: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46244

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2022-25942
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25942

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2022-25972
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25972

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2022-26061
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26061

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2024-32608
CVE STATUS: Patched
CVE SUMMARY: HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32608