CVE-2018-17439 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 28.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedSep 24

Latest updateMay 13

Description

An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.14.5+repack-1 (forky)

▶Debianhdfgroup/hdf5< 1.14.5+repack-1+1

▶NVDhdfgroup/hdf51.10.3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9xv2-rxpw-qh6j: An issue was discovered in the HDF HDF5 1↗2022-05-13

▶

OSV

CVE-2018-17439: An issue was discovered in the HDF HDF5 1↗2018-09-24

▶

📋Vendor Advisories

Red Hat

hdf5: stack-based buffer overflow in H5S_extent_get_dims() in H5S.c↗2018-09-24

▶

Debian

CVE-2018-17439: hdf5 - An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based b...↗2018

▶

💬Community

Bugzilla

CVE-2018-17439 hdf5: stack-based buffer overflow in H5S_extent_get_dims() in H5S.c [fedora-all]↗2018-09-28

▶

Bugzilla

CVE-2018-17439 hdf5: stack-based buffer overflow in H5S_extent_get_dims() in H5S.c [epel-all]↗2018-09-28

▶

Bugzilla

CVE-2018-17439 hdf5: stack-based buffer overflow in H5S_extent_get_dims() in H5S.c↗2018-09-28

▶