Hdfgroup Hdf5 vulnerabilities

CVE-2024-29163 [HIGH] CWE-122 CVE-2024-29163: HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-32614 [HIGH] CWE-125 CVE-2024-32614: HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.

CVE-2024-32612 [HIGH] CWE-122 CVE-2024-32612: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLca HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.

CVE-2024-32605 [HIGH] CWE-122 CVE-2024-32605: HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called fro HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).

CVE-2024-32619 [HIGH] CWE-122 CVE-2024-32619: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resul HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.

CVE-2024-32623 [HIGH] CWE-122 CVE-2024-32623: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (call HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).

CVE-2024-32617 [HIGH] CWE-122 CVE-2024-32617: HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdu HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).

CVE-2024-32609 [HIGH] CWE-674 CVE-2024-32609: HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.

CVE-2024-32620 [HIGH] CWE-122 CVE-2024-32620: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint. HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.

CVE-2024-32624 [HIGH] CWE-122 CVE-2024-32624: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref. HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.

CVE-2024-32616 [HIGH] CWE-122 CVE-2024-32616: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.

CVE-2024-29158 [HIGH] CWE-122 CVE-2024-29158: HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-32618 [HIGH] CWE-122 CVE-2024-32618: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnati HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.

CVE-2024-29165 [HIGH] CWE-122 CVE-2024-29165: HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruptio HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-33877 [HIGH] CWE-122 CVE-2024-33877: HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.

CVE-2024-29162 [HIGH] CWE-122 CVE-2024-29162: HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.

CVE-2024-29160 [HIGH] CWE-122 CVE-2024-29160: HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in th HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-33873 [HIGH] CWE-122 CVE-2024-33873: HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.

CVE-2024-32613 [HIGH] CVE-2024-32613: HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserial HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.

CVE-2024-33875 [MEDIUM] CWE-120 CVE-2024-33875: HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, r HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.