CVE-2017-17506 — Out-of-bounds Read in Hdf5

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedDec 11

Latest updateMay 17

Description

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.10.4+repack-1 (bookworm)

▶Debianhdfgroup/hdf5< 1.10.4+repack-1+3

▶NVDhdfgroup/hdf51.8.0 — 1.10.1

🔴Vulnerability Details

GHSA

GHSA-366q-jg8x-3rg4: In HDF5 1↗2022-05-17

▶

OSV

CVE-2017-17506: In HDF5 1↗2017-12-11

▶

📋Vendor Advisories

Ubuntu

HDF5 vulnerabilities↗2021-03-15

▶

Red Hat

hdf5: Out-of-bounds read in the H5Opline_pline_decode function↗2017-12-08

▶

Debian

CVE-2017-17506: hdf5 - In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5O...↗2017

▶

💬Community

Bugzilla

CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509 hdf5: various flaws [fedora-all]↗2017-12-12

▶

Bugzilla

CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509 hdf5: various flaws [epel-all]↗2017-12-12

▶

Bugzilla

CVE-2017-17506 hdf5: Out-of-bounds read in the H5Opline_pline_decode function↗2017-12-12

▶