CVE-2018-17435

Name
CVE-2018-17435
Description
A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 library through 1.10.3 allows attackers to cause a denial of service via a crafted HDF5 file. The issue was triggered while converting an HDF file to a GIF file.
NVD Severity
medium

References

| Type | URI |
|---|---|
| Exploit | https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:* | hdf5 | >= None | <= 1.10.3 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| hdf5 | 3.14-community | 1.12.1-r0 | Holger Jaekel <holger.jaekel@gmx.de> | fixed |
| hdf5 | edge-community | 1.12.1-r0 | Holger Jaekel <holger.jaekel@gmx.de> | fixed |