CVE-2018-17436 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 48.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedSep 24

Latest updateMay 14

Description

ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhdfgroup/hdf51.10.3

▶debiandebian/hdf5

🔴Vulnerability Details

GHSA

GHSA-43xh-q266-jr4x: ReadCode() in decompress↗2022-05-14

▶

OSV

CVE-2018-17436: ReadCode() in decompress↗2018-09-24

▶

📋Vendor Advisories

Red Hat

hdf5: invalid write access in ReadCode() in decompress.c↗2018-09-24

▶

Debian

CVE-2018-17436: hdf5 - ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attacke...↗2018

▶

💬Community

Bugzilla

CVE-2018-17436 hdf5: invalid write access in ReadCode() in decompress.c↗2018-09-28

▶

Bugzilla

CVE-2018-17436 hdf5: invalid write access in ReadCode() in decompress.c [fedora-all]↗2018-09-28

▶

Bugzilla

CVE-2018-17436 hdf5: invalid write access in ReadCode() in decompress.c [epel-all]↗2018-09-28

▶