CVE-2024-32618

2024-05-1415:36:47

Debian Security Bug Tracker

security-tracker.debian.org

hdf5 library

buffer overflow

instruction pointer

unix

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

JSON

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.

OSVersionArchitecturePackageVersionFilename
Debian12allhdf5<= 1.10.8+repack1-1hdf5_1.10.8+repack1-1_all.deb
Debian11allhdf5<= 1.10.6+repack-4+deb11u1hdf5_1.10.6+repack-4+deb11u1_all.deb
Debian999allhdf5<= 1.10.10+repack-4hdf5_1.10.10+repack-4_all.deb
Debian13allhdf5<= 1.10.10+repack-4hdf5_1.10.10+repack-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	hdf5	<= 1.10.8+repack1-1	hdf5_1.10.8+repack1-1_all.deb
Debian	11	all	hdf5	<= 1.10.6+repack-4+deb11u1	hdf5_1.10.6+repack-4+deb11u1_all.deb
Debian	999	all	hdf5	<= 1.10.10+repack-4	hdf5_1.10.10+repack-4_all.deb
Debian	13	all	hdf5	<= 1.10.10+repack-4	hdf5_1.10.10+repack-4_all.deb