Vulnerabilities > CVE-2017-17509 - Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.10.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hdfgroup

CWE-787

NVD

Published: 2017-12-11

Updated: 2017-12-19

Summary

In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

Vulnerable Configurations

Part	Description	Count
Application	Hdfgroup Hdfgroup Hdf5 1.10.1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md