Advisories for Conan/Hdf5 package

2023

Out-of-bounds Write

Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.

2022

Out-of-bounds Write

A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Out-of-bounds Write

An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Out-of-bounds Read

An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

NULL Pointer Dereference

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

Divide By Zero

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

Out-of-bounds Write

A Stack-based Buffer Overflow Vulnerability exists in HDF5 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).

Out-of-bounds Write

A heap-based buffer overflow vulnerability exists in HDF5 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.

Out-of-bounds Write

A Stack-based Buffer Overflow Vulnerability exists in HDF5 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).

2020

Out-of-bounds Write

A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

Out-of-bounds Read

An issue was discovered in HDF5. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.