Debian Hdf5 vulnerabilities

CVE-2019-9151 [HIGH] CVE-2019-9151: hdf5 - An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bound... An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-8396 [MEDIUM] CVE-2019-8396: hdf5 - A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1... A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+rep

CVE-2019-8397 [MEDIUM] CVE-2019-8397: hdf5 - An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bound... An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-9152 [HIGH] CVE-2019-9152: hdf5 - An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bound... An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-8398 [MEDIUM] CVE-2019-8398: hdf5 - An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bound... An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2018-11205 [HIGH] CVE-2018-11205: hdf5 - A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1... A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2018-11204 [MEDIUM] CVE-2018-11204: hdf5 - A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.... A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. Scope: local bookworm: resolved (fixed in 1.10.4+repack-1) bullseye: resolved (fixed in 1.10.4+repack-1) forky: resolved (fixed in 1.10.4+repack-1) sid: resolved (fixed in 1.10.4+repack-1) trixie: resolved

CVE-2018-17437 [MEDIUM] CVE-2018-17437: hdf5 - Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF H... Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. Scope: local bookworm: resolved (fixed in 1.10.6+repack-2) bullseye: resolved (fixed in 1.10.6+repack-2) forky: resolved (fixed in 1.10.6+repack-2) sid: resolved (fixed i

CVE-2018-13870 [CRITICAL] CVE-2018-13870: hdf5 - An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based bu... An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. Scope: local bookworm: resolved (fixed in 1.10.7+repack-1) bullseye: open forky: resolved (fixed in 1.10.7+repack-1) sid: resolved (fixed in 1.10.7+repack-1) trixie: resolved (fixed in 1.10.7+repack-1)

CVE-2018-14035 [HIGH] CVE-2018-14035: hdf5 - An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based bu... An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-17433 [MEDIUM] CVE-2018-17433: hdf5 - A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 ... A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-11202 [MEDIUM] CVE-2018-11202: hdf5 - A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c ... A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. Scope: local bookworm: resolved (fixed in 1.10.4+repack-1) bullseye: resolved (fixed in 1.10.4+repack-1) forky: resolved (fixed in 1.10.4+repack-1) sid: resolved (fixed in 1.10.4+repack-1) trixie: resolved (

CVE-2018-17234 [MEDIUM] CVE-2018-17234: hdf5 - Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HD... Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. Scope: local bookworm: resolved (fixed in 1.10.6+repack-2) bullseye: resolved (fixed in 1.10.6+repack-2) forky: resolved (fixed in 1.10.6+repack-2) sid: resolved (fixed in

CVE-2018-17436 [MEDIUM] CVE-2018-17436: hdf5 - ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attacke... ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-17237 [MEDIUM] CVE-2018-17237: hdf5 - A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk... A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. Scope: local bookworm: resolved (fixed in 1.10.6+repack-2) bullseye: resolved (fixed in 1.10.6+repack-2

CVE-2018-11207 [MEDIUM] CVE-2018-11207: hdf5 - A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HD... A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. Scope: local bookworm: resolved (fixed in 1.10.4+repack-1) bullseye: resolved (fixed in 1.10.4+repack-1) forky: resolved (fixed in 1.10.4+repack-1) sid: resolved (fixed in 1.10.4+repack-1) trixie: resolved (fixed in 1.10

CVE-2018-11206 [HIGH] CVE-2018-11206: hdf5 - An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_dec... An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. Scope: local bookworm: resolved (fixed in 1.10.8+repack-1) bullseye: open forky: resolved (fixed in 1.10.8+repack-1) sid: resolved (fixed in 1.10.8+repack-1) trixie:

CVE-2018-17233 [MEDIUM] CVE-2018-17233: hdf5 - A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of ... A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. Scope: local bookworm: resolved (fixed in 1.10.6+repack-2) bullseye: resolved (fix

CVE-2018-17438 [MEDIUM] CVE-2018-17438: hdf5 - A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the... A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. Scope: local bookworm: resolved (fixed in 1.10.6+repack-1) bullseye: resolved (fixed in 1.10.6+repa

CVE-2018-13869 [CRITICAL] CVE-2018-13869: hdf5 - An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parame... An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. Scope: local bookworm: resolved (fixed in 1.10.7+repack-1) bullseye: open forky: resolved (fixed in 1.10.7+repack-1) sid: resolved (fixed in 1.10.7+repack-1) trixie: resolved (fixed in 1.10.7+repack-1)