LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4330
CVE STATUS: Patched
CVE SUMMARY: In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4330

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4331
CVE STATUS: Patched
CVE SUMMARY: When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4331

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4332
CVE STATUS: Patched
CVE SUMMARY: The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4332

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2016-4333
CVE STATUS: Patched
CVE SUMMARY: The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 8.6
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4333

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17505
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17505

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17506
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17506

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17507
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17507

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17508
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17508

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2017-17509
CVE STATUS: Patched
CVE SUMMARY: In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17509

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11202
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11202

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11203
CVE STATUS: Patched
CVE SUMMARY: A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11203

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11204
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11204

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11205
CVE STATUS: Patched
CVE SUMMARY: An out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11205

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11206
CVE STATUS: Patched
CVE SUMMARY: An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11206

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-11207
CVE STATUS: Patched
CVE SUMMARY: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11207

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13866
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13866

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13867
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13867

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13868
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13868

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13869
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13869

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13870
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13870

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13871
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13871

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13872
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13872

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13873
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13873

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13874
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13874

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13875
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13875

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-13876
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13876

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14031
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14031

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14033
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14033

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14034
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14034

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14035
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14035

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-14460
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14460

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-15671
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15671

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-16438
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16438

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17233
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17233

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17234
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17234

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17237
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17237

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17432
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17432

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17433
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17433

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17434
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17434

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17435
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17435

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17436
CVE STATUS: Patched
CVE SUMMARY: ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17436

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17437
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17437

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17438
CVE STATUS: Patched
CVE SUMMARY: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17438

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2018-17439
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17439

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-8396
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8396

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-8397
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8397

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-8398
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8398

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-9151
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9151

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2019-9152
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9152

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10809
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10809

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10810
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10810

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10811
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10811

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-10812
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10812

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-18232
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18232

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2020-18494
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-18494

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-37501
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37501

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45829
CVE STATUS: Patched
CVE SUMMARY: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45829

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45830
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45830

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45832
CVE STATUS: Patched
CVE SUMMARY: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45832

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-45833
CVE STATUS: Patched
CVE SUMMARY: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45833

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-46242
CVE STATUS: Patched
CVE SUMMARY: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46242

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-46243
CVE STATUS: Patched
CVE SUMMARY: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46243

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2021-46244
CVE STATUS: Patched
CVE SUMMARY: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an arithmetic exception, leading to a Denial of Service (DoS).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46244

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2022-25942
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25942

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2022-25972
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25972

LAYER: meta-oe
PACKAGE NAME: hdf5
PACKAGE VERSION: 1.14.4-3
CVE: CVE-2022-26061
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26061 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29157 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29157 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29158 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29158 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29159 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29159 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29160 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29160 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29161 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29161 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29162 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29162 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29163 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29163 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29164 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29164 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29165 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29165 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-29166 CVE STATUS: Patched CVE SUMMARY: HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-29166 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32605 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32605 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32606 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32606 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32607 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32607 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32608 CVE STATUS: Patched CVE SUMMARY: HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32608 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32609 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32609 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32610 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32610 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32611 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32611 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32612 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32612 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32613 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32613 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32614 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32614 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32615 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32615 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32616 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32616 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32617 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32617 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32618 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32618 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32619 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32619 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32620 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32620 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32621 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32621 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32622 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains an out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32622 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32623 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32623 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-32624 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32624 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-33873 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33873 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-33874 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33874 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-33875 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33875 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-33876 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33876 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2024-33877 CVE STATUS: Patched CVE SUMMARY: HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-33877 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2153 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 5.0 CVSS v4 BASE SCORE: 2.3 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2153 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2308 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as critical, was found in HDF5 1.14.6. 
This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2308 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2309 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2309 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2310 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2310 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2912 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2912 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2913 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2913 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2914 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 
CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2914 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2915 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2915 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2923 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2923 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2924 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2924 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2925 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2925 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2926 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2926 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-44904 CVE STATUS: Patched CVE SUMMARY: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-44904 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-44905 CVE STATUS: Patched CVE SUMMARY: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-44905 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6269 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6269 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6270 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6270 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6516 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6516 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6750 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6750 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6816 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6816 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6817 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6817 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6818 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6818 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6856 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. 
CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6856 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6857 CVE STATUS: Patched CVE SUMMARY: A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6857 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-6858 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6858 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-7067 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 
CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-7067 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-7068 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-7068 LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-7069 CVE STATUS: Patched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 3.3 CVSS v4 BASE SCORE: 4.8 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-7069