Vulnerabilities > CVE-2018-17433 - Out-of-bounds Write vulnerability in Hdfgroup Hdf5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

hdfgroup

CWE-787

NVD

Published: 2018-09-24

Updated: 2020-08-24

Summary

A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.

Vulnerable Configurations

Part	Description	Count
Application	Hdfgroup Hdfgroup Hdf5 1.4.0 Hdfgroup Hdf5 1.4.1 Hdfgroup Hdf5 1.4.2 Hdfgroup Hdf5 1.4.3 Hdfgroup Hdf5 1.4.4 Hdfgroup Hdf5 1.4.5 Hdfgroup Hdf5 1.6.0 Hdfgroup Hdf5 1.6.1 Hdfgroup Hdf5 1.6.2 Hdfgroup Hdf5 1.6.3 Hdfgroup Hdf5 1.6.4 Hdfgroup Hdf5 1.6.5 Hdfgroup Hdf5 1.6.6 Hdfgroup Hdf5 1.6.7 Hdfgroup Hdf5 1.6.8 Hdfgroup Hdf5 1.6.9 Hdfgroup Hdf5 1.6.10 Hdfgroup Hdf5 1.8.0 Hdfgroup Hdf5 1.8.1 Hdfgroup Hdf5 1.8.2 Hdfgroup Hdf5 1.8.3 Hdfgroup Hdf5 1.8.4 Hdfgroup Hdf5 1.8.5 Hdfgroup Hdf5 1.8.6 Hdfgroup Hdf5 1.8.7 Hdfgroup Hdf5 1.8.8 Hdfgroup Hdf5 1.8.9 Hdfgroup Hdf5 1.8.10 Hdfgroup Hdf5 1.8.11 Hdfgroup Hdf5 1.8.12 Hdfgroup Hdf5 1.8.13 Hdfgroup Hdf5 1.8.14 Hdfgroup Hdf5 1.8.15 Hdfgroup Hdf5 1.8.16 Hdfgroup Hdf5 1.8.17 Hdfgroup Hdf5 1.8.18 Hdfgroup Hdf5 1.8.19 Hdfgroup Hdf5 1.8.20 Hdfgroup Hdf5 1.10.0 Hdfgroup Hdf5 1.10.1 Hdfgroup Hdf5 1.10.2 Hdfgroup Hdf5 1.10.3	42

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc