CVE-2017-17507 — Out-of-bounds Read in Hdf5

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 64.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedDec 11

Latest updateMay 17

Description

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.14.5+repack-1 (forky)

▶Debianhdfgroup/hdf5< 1.14.5+repack-1+1

▶NVDhdfgroup/hdf51.10.1

🔴Vulnerability Details

GHSA

GHSA-q7wr-wvj6-35g6: In HDF5 1↗2022-05-17

▶

OSV

CVE-2017-17507: In HDF5 1↗2017-12-11

▶

📋Vendor Advisories

Red Hat

hdf5: Out-of-bounds read in the H5T_conv_struct_opt function↗2017-12-08

▶

Debian

CVE-2017-17507: hdf5 - In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T...↗2017

▶

💬Community

Bugzilla

CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509 hdf5: various flaws [fedora-all]↗2017-12-12

▶

Bugzilla

CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509 hdf5: various flaws [epel-all]↗2017-12-12

▶

Bugzilla

CVE-2017-17507 hdf5: Out-of-bounds read in the H5T_conv_struct_opt function↗2017-12-12

▶