Vulnerabilities > CVE-2017-17505 - NULL Pointer Dereference vulnerability in Hdfgroup Hdf5 1.10.1

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

hdfgroup

CWE-476

NVD

Published: 2017-12-11

Updated: 2017-12-19

Summary

In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

Vulnerable Configurations

Part	Description	Count
Application	Hdfgroup Hdfgroup Hdf5 1.10.1	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md