Hdfgroup Hdf5 vulnerabilities

131 known vulnerabilities affecting hdfgroup/hdf5.

Total CVEs

131

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL19HIGH47MEDIUM64LOW1

Vulnerabilities

Page 4 of 7

CVE-2024-32607MEDIUMCVSS 5.7fixed in 1.14.42024-05-14

CVE-2024-32607 [MEDIUM] CWE-125 CVE-2024-32607: HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.

nvdosv

CVE-2024-29166MEDIUMCVSS 5.7fixed in 1.14.42024-05-14

CVE-2024-29166 [MEDIUM] CWE-120 CVE-2024-29166: HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

nvdosv

CVE-2024-32610MEDIUMCVSS 5.7fixed in 1.14.42024-05-14

CVE-2024-32610 [MEDIUM] CWE-416 CVE-2024-32610: HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruct HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.

nvdosv

CVE-2024-33876MEDIUMCVSS 5.7fixed in 1.14.42024-05-14

CVE-2024-33876 [MEDIUM] CWE-120 CVE-2024-33876: HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.

nvdosv

CVE-2024-32606MEDIUMCVSS 5.7fixed in 1.14.42024-05-14

CVE-2024-32606 [MEDIUM] CWE-908 CVE-2024-32606: HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c).

nvdosv

CVE-2020-18494HIGHCVSS 8.8v1.10.42023-08-22

CVE-2020-18494 [HIGH] CWE-787 CVE-2020-18494: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.

nvd

CVE-2020-18232HIGHCVSS 8.8v1.10.42023-08-22

CVE-2020-18232 [HIGH] CWE-787 CVE-2020-18232: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.

nvd

CVE-2021-37501HIGHCVSS 7.5≥ 1.12.0, ≤ 1.13.02023-02-03

CVE-2021-37501 [HIGH] CWE-787 CVE-2021-37501: Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to caus Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.

nvdosv

CVE-2022-26061HIGHCVSS 7.8v1.10.42022-08-22

CVE-2022-26061 [HIGH] CWE-122 CVE-2022-26061: A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

nvdosv

CVE-2022-25972HIGHCVSS 7.8v1.10.42022-08-22

CVE-2022-25972 [HIGH] CWE-787 CVE-2022-25972: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4 An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

nvdosv

CVE-2022-25942HIGHCVSS 7.8v1.10.42022-08-22

CVE-2022-25942 [HIGH] CWE-125 CVE-2022-25942: An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

nvdosv

CVE-2021-46242HIGHCVSS 8.8v1.13.1-12022-01-21

CVE-2021-46242 [HIGH] CWE-416 CVE-2021-46242: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry. HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.

nvdosv

CVE-2021-46244MEDIUMCVSS 6.5v1.13.1-12022-01-21

CVE-2021-46244 [MEDIUM] CWE-369 CVE-2021-46244: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /h A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

nvdosv

CVE-2021-46243MEDIUMCVSS 6.5v1.13.1-12022-01-21

CVE-2021-46243 [MEDIUM] CWE-476 CVE-2021-46243: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_ An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

nvd

CVE-2021-45830MEDIUMCVSS 5.5v1.13.1-12022-01-05

CVE-2021-45830 [MEDIUM] CWE-787 CVE-2021-45830: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/ A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.

nvdosv

CVE-2021-45833MEDIUMCVSS 5.5v1.13.1-12022-01-05

CVE-2021-45833 [MEDIUM] CWE-787 CVE-2021-45833: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_m A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).

nvdosv

CVE-2021-45832MEDIUMCVSS 5.5v1.13.1-12022-01-05

CVE-2021-45832 [MEDIUM] CWE-674 CVE-2021-45832: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which c A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).

nvd

CVE-2021-45829MEDIUMCVSS 5.5v1.13.1-12022-01-03

CVE-2021-45829 [MEDIUM] CWE-404 CVE-2021-45829: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.

nvd

CVE-2020-10811MEDIUMCVSS 5.5≤ 1.12.02020-03-22

CVE-2020-10811 [MEDIUM] CWE-125 CVE-2020-10811: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.

nvdosv

CVE-2020-10812MEDIUMCVSS 5.5≤ 1.12.02020-03-22

CVE-2020-10812 [MEDIUM] CWE-476 CVE-2020-10812: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.

nvd

← Previous4 / 7Next →