The vulnerability of the H5FL_arr_malloc() function in the HDF5 library allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

🗓️ 17 Sep 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

HDF5 H5FL_arr_malloc overflow can expose confidentiality, integrity, and accessibility.

Reporter	Title	Published	Views	Family All 62
AstraLinux	Astra Linux - уязвимость в hdf5	11 Feb 202507:35	–	astralinux
Tenable Nessus	Azure Linux 3.0 Security Update: hdf5 (CVE-2024-29158)	10 Feb 202500:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: hdf5 (CVE-2024-29158)	3 Jul 202400:00	–	nessus
Tenable Nessus	RHEL 9 : RHEL AI 1.5 hdf5 (RHSA-2025:3801)	13 Apr 202500:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : hdf5 (SUSE-SU-2024:2105-1)	21 Jun 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : hdf5 (SUSE-SU-2024:2195-1)	26 Jun 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : hdf5, netcdf, trilinos (SUSE-SU-2024:3144-1)	6 Sep 202400:00	–	nessus
Tenable Nessus	TencentOS Server 4: hdf5 (TSSA-2024:0175)	16 Jun 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-29158	5 Mar 202500:00	–	nessus
CBLMariner	CVE-2024-29158 affecting package hdf5 for versions less than 1.14.4.3-1	21 Jun 202409:32	–	cbl_mariner

Vulners

Node

hdf_group hdf5Range<1.14.4

Source	Link
redos	www.redos.red-soft.ru/support/secure/
hdfgroup	www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-29158
wiki	www.wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
web	www.web.nvd.nist.gov/view/vuln/detail

29 Apr 2025 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 26.2

CVSS 37.4

EPSS0.00225

hdf five library heap overflow data confidentiality data integrity data accessibility