CVE-2018-17435

CVE-2018-17435

Name

CVE-2018-17435

Description

A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode

Type

URI

Exploit

https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:hdfgroup:hdf5::::::::`	hdf5	>= None	<= 1.10.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*

hdf5

>= None

<= 1.10.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
hdf5	edge-community	1.12.1-r0	Holger Jaekel <holger.jaekel@gmx.de>	fixed
hdf5	3.22-community	1.12.1-r0	None	fixed
hdf5	3.21-community	1.12.1-r0	None	fixed
hdf5	3.20-community	1.12.1-r0	None	fixed
hdf5	3.19-community	1.12.1-r0	None	fixed
hdf5	3.18-community	1.12.1-r0	None	fixed
hdf5	3.17-community	1.12.1-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

hdf5

edge-community

1.12.1-r0

Holger Jaekel <holger.jaekel@gmx.de>

fixed

hdf5

3.22-community