Hdfgroup Hdf5 vulnerabilities

CVE-2020-10810 [MEDIUM] CWE-476 CVE-2020-10810: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.

CVE-2020-10809 [MEDIUM] CWE-787 CVE-2020-10809: An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

CVE-2019-9152 [HIGH] CWE-125 CVE-2019-9152: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the functi An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.

CVE-2019-9151 [HIGH] CWE-125 CVE-2019-9151: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the functi An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.

CVE-2019-8398 [MEDIUM] CWE-125 CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the functi An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

CVE-2019-8396 [MEDIUM] CWE-119 CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

CVE-2019-8397 [MEDIUM] CWE-125 CVE-2019-8397: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the functi An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.

CVE-2018-17435 [MEDIUM] CWE-125 CVE-2018-17435: A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 libra A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.

CVE-2018-17439 [MEDIUM] CWE-787 CVE-2018-17439: An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in th An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.

CVE-2018-17432 [MEDIUM] CWE-476 CVE-2018-17432: A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 li A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

CVE-2018-17434 [MEDIUM] CWE-369 CVE-2018-17434: A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 thro A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.

CVE-2018-17438 [MEDIUM] CWE-369 CVE-2018-17438: A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1. A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.

CVE-2018-17436 [MEDIUM] CWE-787 CVE-2018-17436: ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.

CVE-2018-17437 [MEDIUM] CWE-772 CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 l Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

CVE-2018-17433 [MEDIUM] CWE-787 CVE-2018-17433: A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 libra A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.

CVE-2018-17237 [MEDIUM] CVE-2018-17237: A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1 A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.

CVE-2018-17234 [MEDIUM] CWE-772 CVE-2018-17234: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 li Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

CVE-2018-17233 [MEDIUM] CWE-369 CVE-2018-17233: A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HD A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.

CVE-2018-16438 [HIGH] CWE-125 CVE-2018-16438: An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.

CVE-2018-15671 [MEDIUM] CWE-400 CVE-2018-15671: An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detecte An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.