Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/98393?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "type": "deb", "namespace": "debian", "name": "hdf5", "version": "1.14.5+repack-3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.14.6+repack-2", "latest_non_vulnerable_version": "1.14.6+repack-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72373?format=api", "vulnerability_id": "VCID-1qt2-92gt-f3fk", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32613.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25089", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25078", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32613" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:12:45Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32613" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qt2-92gt-f3fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72380?format=api", "vulnerability_id": "VCID-2r6p-322p-37dm", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32620.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32620.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21962", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21948", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:12:31Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32620" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2r6p-322p-37dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72319?format=api", "vulnerability_id": "VCID-2xcu-cxdq-b3hb", "summary": "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32349", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32419", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32388", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633856", "reference_id": "1633856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633856" }, { "reference_url": "https://usn.ubuntu.com/USN-5272-1/", "reference_id": "USN-USN-5272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98406?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17234" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xcu-cxdq-b3hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72327?format=api", "vulnerability_id": "VCID-4kz9-zrss-83bx", "summary": "A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17435.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17435.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00752", "scoring_system": "epss", "scoring_elements": "0.73551", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00752", "scoring_system": "epss", "scoring_elements": "0.73587", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00752", "scoring_system": "epss", "scoring_elements": "0.73592", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17435", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17435" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634125", "reference_id": "1634125", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634125" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98398?format=api", "purl": "pkg:deb/debian/hdf5@1.10.7%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.7%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17435" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kz9-zrss-83bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72284?format=api", "vulnerability_id": "VCID-59vv-6fa4-ckfh", "summary": "In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17509.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17509.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59499", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59549", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59552", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524911", "reference_id": "1524911", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524911" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17509" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-59vv-6fa4-ckfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72369?format=api", "vulnerability_id": "VCID-5v4u-uu83-sqc8", "summary": "HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32609.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32609.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32609", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62177", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62185", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32609" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32609", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32609" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-16T15:46:41Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32609" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5v4u-uu83-sqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72384?format=api", "vulnerability_id": "VCID-7xfq-w24m-yugw", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32624.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63827", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00446", "scoring_system": "epss", "scoring_elements": "0.63834", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32624" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T19:29:50Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32624" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xfq-w24m-yugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72277?format=api", "vulnerability_id": "VCID-88vu-rux2-xfa8", "summary": "The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48536", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48543", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397708", "reference_id": "1397708", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397708" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98390?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4333" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88vu-rux2-xfa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72365?format=api", "vulnerability_id": "VCID-89j8-dfkx-2bhs", "summary": "HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32605.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65453", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65464", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32605" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:24:23Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32605" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89j8-dfkx-2bhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72370?format=api", "vulnerability_id": "VCID-8aac-7mgq-h7a4", "summary": "HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32610.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32610.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1655", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16547", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32610" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T13:20:14Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32610" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8aac-7mgq-h7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44371?format=api", "vulnerability_id": "VCID-8df1-wt32-pqa6", "summary": "Out-of-bounds Write\nBuffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37501.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34377", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34279", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.3571", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37501" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/HDFGroup/hdf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T18:37:52Z/" } ], "url": "https://github.com/HDFGroup/hdf5" }, { "reference_url": "https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T18:37:52Z/" } ], "url": "https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230281", "reference_id": "2230281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230281" }, { "reference_url": "https://github.com/HDFGroup/hdf5/issues/2458", "reference_id": "2458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-26T18:37:52Z/" } ], "url": "https://github.com/HDFGroup/hdf5/issues/2458" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37501", "reference_id": "CVE-2021-37501", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37501" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8df1-wt32-pqa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72356?format=api", "vulnerability_id": "VCID-8dhg-t7wf-v3ah", "summary": "HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29158.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22091", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22077", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29158" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:16:55Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29158" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dhg-t7wf-v3ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72309?format=api", "vulnerability_id": "VCID-8jym-e7p3-7qgg", "summary": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14031.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14031.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68228", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68236", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14031" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600979", "reference_id": "1600979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600979" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14031" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8jym-e7p3-7qgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72386?format=api", "vulnerability_id": "VCID-adzd-m4tm-v3f8", "summary": "HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33874.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6553", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6554", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33874" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-15T15:46:32Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-33874" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adzd-m4tm-v3f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72320?format=api", "vulnerability_id": "VCID-ae73-ha67-tqgm", "summary": "A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17237.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33416", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33517", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33532", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633860", "reference_id": "1633860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633860" }, { "reference_url": "https://usn.ubuntu.com/USN-5272-1/", "reference_id": "USN-USN-5272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98406?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17237" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae73-ha67-tqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72288?format=api", "vulnerability_id": "VCID-afg8-hmzq-xbf2", "summary": "A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11203.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70014", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70055", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70064", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579951", "reference_id": "1579951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579951" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11203" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afg8-hmzq-xbf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72360?format=api", "vulnerability_id": "VCID-ajuw-pqtu-mygw", "summary": "HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24936", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24924", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:16:18Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29162" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajuw-pqtu-mygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72276?format=api", "vulnerability_id": "VCID-amvr-fecp-rkdr", "summary": "The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4332.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4332.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28896", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28967", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28931", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397707", "reference_id": "1397707", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397707" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98390?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4332" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amvr-fecp-rkdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72387?format=api", "vulnerability_id": "VCID-bhy6-usxm-h7a4", "summary": "HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33875.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20027", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20022", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33875" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T18:05:03Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-33875" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhy6-usxm-h7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72280?format=api", "vulnerability_id": "VCID-bqwb-uc25-6ucm", "summary": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63104", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63112", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524907", "reference_id": "1524907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524907" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" }, { "reference_url": "https://usn.ubuntu.com/USN-4817-1/", "reference_id": "USN-USN-4817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17506" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqwb-uc25-6ucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72324?format=api", "vulnerability_id": "VCID-bv3t-82cc-qfd8", "summary": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17434.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17434.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52418", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52478", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52486", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17434" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634121", "reference_id": "1634121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634121" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98406?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17434" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bv3t-82cc-qfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72275?format=api", "vulnerability_id": "VCID-c1z9-d33b-w3e6", "summary": "When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4331.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4331.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63984", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64026", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64034", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397704", "reference_id": "1397704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397704" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98390?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4331" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1z9-d33b-w3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72312?format=api", "vulnerability_id": "VCID-c2d5-k2pu-m3ba", "summary": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14033.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68228", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68236", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14033" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600982", "reference_id": "1600982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600982" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14033" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2d5-k2pu-m3ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72376?format=api", "vulnerability_id": "VCID-c54w-b13w-uke7", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32616.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25089", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25078", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32616" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:12:38Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32616" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c54w-b13w-uke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72368?format=api", "vulnerability_id": "VCID-caba-jf2d-yubt", "summary": "HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32608.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0094", "scoring_system": "epss", "scoring_elements": "0.76638", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0094", "scoring_system": "epss", "scoring_elements": "0.76644", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32608" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:27:48Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32608" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-caba-jf2d-yubt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72290?format=api", "vulnerability_id": "VCID-chka-ff1j-gqe3", "summary": "A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58454", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.585", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58509", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579955", "reference_id": "1579955", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11204" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chka-ff1j-gqe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72332?format=api", "vulnerability_id": "VCID-cy3q-7n3v-xbgr", "summary": "Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17437.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33676", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33777", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33792", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634132", "reference_id": "1634132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634132" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98406?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17437" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy3q-7n3v-xbgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72385?format=api", "vulnerability_id": "VCID-d9fr-59ax-vya4", "summary": "HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33873.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66383", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66392", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33873" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:24:19Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-33873" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9fr-59ax-vya4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52414?format=api", "vulnerability_id": "VCID-dmz7-rekk-1bax", "summary": "NULL Pointer Dereference\nA NULL pointer dereference exists in the function `H5AC_unpin_entry()` located in `H5AC.c`. It allows an attacker to cause Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.625", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62546", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62555", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10810" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827475", "reference_id": "1827475", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827475" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10810", "reference_id": "CVE-2020-10810", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98397?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-10810" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmz7-rekk-1bax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72318?format=api", "vulnerability_id": "VCID-dypw-pp9q-bycr", "summary": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50977", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50982", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633853", "reference_id": "1633853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633853" }, { "reference_url": "https://usn.ubuntu.com/USN-5272-1/", "reference_id": "USN-USN-5272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98406?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17233" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dypw-pp9q-bycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72300?format=api", "vulnerability_id": "VCID-e3j2-wght-wbaq", "summary": "A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11207.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75513", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75541", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75545", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579961", "reference_id": "1579961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579961" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11207" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3j2-wght-wbaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41958?format=api", "vulnerability_id": "VCID-e4aq-y2zm-tybp", "summary": "Out-of-bounds Write\nA Stack-based Buffer Overflow Vulnerability exists in HDF5 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50065", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50127", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50135", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45833" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/HDFGroup/hdf5/issues/1313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/HDFGroup/hdf5/issues/1313" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049109", "reference_id": "2049109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049109" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45833", "reference_id": "CVE-2021-45833", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45833" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-45833" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4aq-y2zm-tybp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72334?format=api", "vulnerability_id": "VCID-e4qy-jb8b-dkgg", "summary": "A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58346", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58393", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58401", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634139", "reference_id": "1634139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98412?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17438" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4qy-jb8b-dkgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72363?format=api", "vulnerability_id": "VCID-euh2-g5tb-kyc7", "summary": "HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29165.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24936", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24924", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29165" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:14:54Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29165" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-euh2-g5tb-kyc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72383?format=api", "vulnerability_id": "VCID-evc7-d6mz-dqh7", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32623.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69873", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69882", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32623" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-10T14:03:15Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32623" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evc7-d6mz-dqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72382?format=api", "vulnerability_id": "VCID-g4wu-fszp-sbcp", "summary": "HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32622.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32622.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64187", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64195", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32622" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-20T13:23:51Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32622" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4wu-fszp-sbcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72317?format=api", "vulnerability_id": "VCID-h2q3-ub28-9ygd", "summary": "An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68317", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68359", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68367", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625424", "reference_id": "1625424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625424" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-16438" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2q3-ub28-9ygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72389?format=api", "vulnerability_id": "VCID-hguc-e36x-kkfj", "summary": "HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33877.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69873", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69882", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33877" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:23:53Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-33877" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hguc-e36x-kkfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72285?format=api", "vulnerability_id": "VCID-hnkh-k2sk-gqaq", "summary": "A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80231", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01323", "scoring_system": "epss", "scoring_elements": "0.80258", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579946", "reference_id": "1579946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579946" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11202" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnkh-k2sk-gqaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72282?format=api", "vulnerability_id": "VCID-j2ck-xmvp-h7f7", "summary": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17507.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17507.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34869", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34966", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34981", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17507" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524909", "reference_id": "1524909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524909" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915807", "reference_id": "915807", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915807" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17507" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2ck-xmvp-h7f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72339?format=api", "vulnerability_id": "VCID-jeu6-8nb9-d3ep", "summary": "A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka \"Invalid write of size 2.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65494", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65546", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65557", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8396" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034838", "reference_id": "1034838", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678254", "reference_id": "1678254", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678254" }, { "reference_url": "https://security.archlinux.org/AVG-901", "reference_id": "AVG-901", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-901" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-8396" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jeu6-8nb9-d3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72379?format=api", "vulnerability_id": "VCID-jgjd-n5m8-cbbk", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32619.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32619.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25488", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25474", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32619" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:12:18Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32619" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgjd-n5m8-cbbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72303?format=api", "vulnerability_id": "VCID-kpny-jvxd-h7df", "summary": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13869.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13869.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13869", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68228", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68236", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601467", "reference_id": "1601467", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98398?format=api", "purl": "pkg:deb/debian/hdf5@1.10.7%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.7%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-13869" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpny-jvxd-h7df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72337?format=api", "vulnerability_id": "VCID-kx1u-3t7h-tyhb", "summary": "An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17439.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17439.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17439", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00686", "scoring_system": "epss", "scoring_elements": "0.72094", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00686", "scoring_system": "epss", "scoring_elements": "0.72135", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00686", "scoring_system": "epss", "scoring_elements": "0.72142", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17439" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634142", "reference_id": "1634142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634142" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17439" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx1u-3t7h-tyhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72374?format=api", "vulnerability_id": "VCID-mgev-h4d6-g3c9", "summary": "HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32614.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61059", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61067", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-10T14:06:06Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32614" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgev-h4d6-g3c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72371?format=api", "vulnerability_id": "VCID-mkrz-w4u4-tuaj", "summary": "HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32611.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60857", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60864", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32611" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32611" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-19T17:57:42Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32611" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkrz-w4u4-tuaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72279?format=api", "vulnerability_id": "VCID-mkse-aj8h-2fd4", "summary": "In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.6322", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63227", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524906", "reference_id": "1524906", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524906" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" }, { "reference_url": "https://usn.ubuntu.com/USN-4817-1/", "reference_id": "USN-USN-4817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17505" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkse-aj8h-2fd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72367?format=api", "vulnerability_id": "VCID-n1ag-bkf2-uyd8", "summary": "HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32607.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32607.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19587", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19581", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32607" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T13:54:46Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32607" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n1ag-bkf2-uyd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72358?format=api", "vulnerability_id": "VCID-n3sz-bxsj-dfbw", "summary": "HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29160.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24936", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24924", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:16:33Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29160" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3sz-bxsj-dfbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72372?format=api", "vulnerability_id": "VCID-p3f9-9fu6-cbff", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32612.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32612.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32612", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25089", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25078", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32612" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32612" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:12:51Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32612" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3f9-9fu6-cbff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72306?format=api", "vulnerability_id": "VCID-p78p-43n3-yqgg", "summary": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13870.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68228", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68236", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13870" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601468", "reference_id": "1601468", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601468" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98398?format=api", "purl": "pkg:deb/debian/hdf5@1.10.7%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.7%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-13870" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p78p-43n3-yqgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72315?format=api", "vulnerability_id": "VCID-pmtb-wxmw-2yh2", "summary": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14460.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68228", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68236", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607608", "reference_id": "1607608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607608" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98397?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14460" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtb-wxmw-2yh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72353?format=api", "vulnerability_id": "VCID-ppqc-1vsd-1qg6", "summary": "An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25972.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23086", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23003", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23072", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25972" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-05T14:56:47Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031726", "reference_id": "1031726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031726" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172361", "reference_id": "2172361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172361" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25972", "reference_id": "CVE-2022-25972", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25972" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98423?format=api", "purl": "pkg:deb/debian/hdf5@1.10.10%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.10%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-25972" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppqc-1vsd-1qg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72362?format=api", "vulnerability_id": "VCID-qr98-8n65-eue6", "summary": "HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29164.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38219", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38222", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29164" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-20T21:02:05Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29164" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qr98-8n65-eue6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72321?format=api", "vulnerability_id": "VCID-qttu-atch-hkcq", "summary": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73605", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73641", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73645", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634115", "reference_id": "1634115", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634115" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98397?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17432" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qttu-atch-hkcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72352?format=api", "vulnerability_id": "VCID-qzz2-61s2-bkca", "summary": "An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25942.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26708", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26605", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26698", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25942" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:18:37Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031726", "reference_id": "1031726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031726" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172362", "reference_id": "2172362", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172362" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25942", "reference_id": "CVE-2022-25942", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25942" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98423?format=api", "purl": "pkg:deb/debian/hdf5@1.10.10%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.10%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-25942" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzz2-61s2-bkca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72377?format=api", "vulnerability_id": "VCID-rr9y-73f6-ybab", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32617.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63582", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63589", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-20T13:21:45Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32617" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr9y-73f6-ybab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72359?format=api", "vulnerability_id": "VCID-rwu5-z6rj-uye7", "summary": "HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29161.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61281", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61289", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29161" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:24:29Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29161" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwu5-z6rj-uye7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42140?format=api", "vulnerability_id": "VCID-s161-wyhp-e3hw", "summary": "A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46244.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46244.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61838", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61886", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61895", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46244" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/HDFGroup/hdf5/issues/1327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/HDFGroup/hdf5/issues/1327" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045000", "reference_id": "2045000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045000" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46244", "reference_id": "CVE-2021-46244", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46244" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-46244" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s161-wyhp-e3hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72364?format=api", "vulnerability_id": "VCID-tba6-aqxs-nqgm", "summary": "HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29166.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17446", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17441", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T16:17:22Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29166" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tba6-aqxs-nqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41964?format=api", "vulnerability_id": "VCID-td2e-qeam-fucf", "summary": "Out-of-bounds Write\nA heap-based buffer overflow vulnerability exists in HDF5 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50065", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50127", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.50135", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/HDFGroup/hdf5/issues/1314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/HDFGroup/hdf5/issues/1314" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049121", "reference_id": "2049121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049121" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45830", "reference_id": "CVE-2021-45830", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45830" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-45830" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-td2e-qeam-fucf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52408?format=api", "vulnerability_id": "VCID-ua6h-y2bc-jqdy", "summary": "Out-of-bounds Read\nAn issue was discovered in HDF5. A heap-based buffer over-read exists in the function `H5O__layout_decode()` located in `H5Olayout.c`. It allows an attacker to cause Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10811.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10811.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10811", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62848", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62891", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.629", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827478", "reference_id": "1827478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827478" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10811", "reference_id": "CVE-2020-10811", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10811" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98397?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-10811" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ua6h-y2bc-jqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72357?format=api", "vulnerability_id": "VCID-uhhu-7sbk-gqaf", "summary": "HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29159.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65166", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65177", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T13:21:08Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29159" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uhhu-7sbk-gqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72297?format=api", "vulnerability_id": "VCID-untx-ks69-4yc3", "summary": "An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11206.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11206.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73848", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73884", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.7389", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11206" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579960", "reference_id": "1579960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579960" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98397?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11206" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-untx-ks69-4yc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72361?format=api", "vulnerability_id": "VCID-usd5-mpjq-fkgm", "summary": "HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24936", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24924", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29163" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-09T18:16:01Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29163" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usd5-mpjq-fkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72283?format=api", "vulnerability_id": "VCID-uzzm-mpfp-s7gv", "summary": "In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17508.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63104", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63112", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17508" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524910", "reference_id": "1524910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524910" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365", "reference_id": "884365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365" }, { "reference_url": "https://usn.ubuntu.com/USN-4817-1/", "reference_id": "USN-USN-4817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98394?format=api", "purl": "pkg:deb/debian/hdf5@1.10.4%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17508" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzzm-mpfp-s7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42126?format=api", "vulnerability_id": "VCID-vaam-cd2s-pkh3", "summary": "Use After Free\nHDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46242.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46242.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52717", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52777", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52783", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46242" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46242" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/HDFGroup/hdf5/issues/1329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/HDFGroup/hdf5/issues/1329" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045005", "reference_id": "2045005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46242", "reference_id": "CVE-2021-46242", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46242" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-46242" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vaam-cd2s-pkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72381?format=api", "vulnerability_id": "VCID-vf8n-vse9-4qh3", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32621.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32621.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32621", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.69228", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.69237", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32621" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T13:25:29Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32621" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vf8n-vse9-4qh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72344?format=api", "vulnerability_id": "VCID-vf9h-vkm4-afgk", "summary": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52057", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52117", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52127", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8398" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034838", "reference_id": "1034838", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678258", "reference_id": "1678258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678258" }, { "reference_url": "https://security.archlinux.org/AVG-901", "reference_id": "AVG-901", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-901" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-8398" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vf9h-vkm4-afgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72293?format=api", "vulnerability_id": "VCID-vn8s-gm5x-eqbd", "summary": "A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11205.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70731", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70774", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70781", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11205", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11205" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034807", "reference_id": "1034807", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034807" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579959", "reference_id": "1579959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579959" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11205" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vn8s-gm5x-eqbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72375?format=api", "vulnerability_id": "VCID-wez5-unzz-kudq", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32615.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.69228", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.69237", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-11T14:23:03Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32615" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wez5-unzz-kudq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72366?format=api", "vulnerability_id": "VCID-wt1r-6349-v7at", "summary": "HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32606.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32606.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24715", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24705", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32606" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T16:01:10Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32606" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wt1r-6349-v7at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72354?format=api", "vulnerability_id": "VCID-x85j-52ep-z7a4", "summary": "A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26061.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28231", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2816", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28181", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26061" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26061", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26061" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-05T14:54:04Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031726", "reference_id": "1031726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031726" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172354", "reference_id": "2172354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172354" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26061", "reference_id": "CVE-2022-26061", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98423?format=api", "purl": "pkg:deb/debian/hdf5@1.10.10%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.10%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-26061" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x85j-52ep-z7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72378?format=api", "vulnerability_id": "VCID-xnb3-ch5w-d3bt", "summary": "HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32618.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28567", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28525", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:12:35Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32618" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnb3-ch5w-d3bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72273?format=api", "vulnerability_id": "VCID-ycz8-g88h-7fhs", "summary": "In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63565", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63608", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63615", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397701", "reference_id": "1397701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397701" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301", "reference_id": "845301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301" }, { "reference_url": "https://security.gentoo.org/glsa/201701-13", "reference_id": "GLSA-201701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98390?format=api", "purl": "pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98391?format=api", "purl": "pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-4kz9-zrss-83bx" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-dmz7-rekk-1bax" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kpny-jvxd-h7df" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-p78p-43n3-yqgg" }, { "vulnerability": "VCID-pmtb-wxmw-2yh2" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qttu-atch-hkcq" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-ua6h-y2bc-jqdy" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-untx-ks69-4yc3" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98389?format=api", "purl": "pkg:deb/debian/hdf5@1.10.8%2Brepack1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qt2-92gt-f3fk" }, { "vulnerability": "VCID-2r6p-322p-37dm" }, { "vulnerability": "VCID-5v4u-uu83-sqc8" }, { "vulnerability": "VCID-7xfq-w24m-yugw" }, { "vulnerability": "VCID-89j8-dfkx-2bhs" }, { "vulnerability": "VCID-8aac-7mgq-h7a4" }, { "vulnerability": "VCID-8df1-wt32-pqa6" }, { "vulnerability": "VCID-8dhg-t7wf-v3ah" }, { "vulnerability": "VCID-8jym-e7p3-7qgg" }, { "vulnerability": "VCID-adzd-m4tm-v3f8" }, { "vulnerability": "VCID-ajuw-pqtu-mygw" }, { "vulnerability": "VCID-bhy6-usxm-h7a4" }, { "vulnerability": "VCID-c2d5-k2pu-m3ba" }, { "vulnerability": "VCID-c54w-b13w-uke7" }, { "vulnerability": "VCID-caba-jf2d-yubt" }, { "vulnerability": "VCID-d9fr-59ax-vya4" }, { "vulnerability": "VCID-e4aq-y2zm-tybp" }, { "vulnerability": "VCID-euh2-g5tb-kyc7" }, { "vulnerability": "VCID-evc7-d6mz-dqh7" }, { "vulnerability": "VCID-g4wu-fszp-sbcp" }, { "vulnerability": "VCID-h2q3-ub28-9ygd" }, { "vulnerability": "VCID-hguc-e36x-kkfj" }, { "vulnerability": "VCID-j2ck-xmvp-h7f7" }, { "vulnerability": "VCID-jeu6-8nb9-d3ep" }, { "vulnerability": "VCID-jgjd-n5m8-cbbk" }, { "vulnerability": "VCID-kx1u-3t7h-tyhb" }, { "vulnerability": "VCID-mgev-h4d6-g3c9" }, { "vulnerability": "VCID-mkrz-w4u4-tuaj" }, { "vulnerability": "VCID-n1ag-bkf2-uyd8" }, { "vulnerability": "VCID-n3sz-bxsj-dfbw" }, { "vulnerability": "VCID-p3f9-9fu6-cbff" }, { "vulnerability": "VCID-ppqc-1vsd-1qg6" }, { "vulnerability": "VCID-qr98-8n65-eue6" }, { "vulnerability": "VCID-qzz2-61s2-bkca" }, { "vulnerability": "VCID-rr9y-73f6-ybab" }, { "vulnerability": "VCID-rwu5-z6rj-uye7" }, { "vulnerability": "VCID-s161-wyhp-e3hw" }, { "vulnerability": "VCID-tba6-aqxs-nqgm" }, { "vulnerability": "VCID-td2e-qeam-fucf" }, { "vulnerability": "VCID-uhhu-7sbk-gqaf" }, { "vulnerability": "VCID-usd5-mpjq-fkgm" }, { "vulnerability": "VCID-vaam-cd2s-pkh3" }, { "vulnerability": "VCID-vf8n-vse9-4qh3" }, { "vulnerability": "VCID-vf9h-vkm4-afgk" }, { "vulnerability": "VCID-vn8s-gm5x-eqbd" }, { "vulnerability": "VCID-wez5-unzz-kudq" }, { "vulnerability": "VCID-wt1r-6349-v7at" }, { "vulnerability": "VCID-x85j-52ep-z7a4" }, { "vulnerability": "VCID-xnb3-ch5w-d3bt" }, { "vulnerability": "VCID-ze1t-z525-n3e2" }, { "vulnerability": "VCID-zeyd-2fwn-87bh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.8%252Brepack1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4330" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycz8-g88h-7fhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72388?format=api", "vulnerability_id": "VCID-ze1t-z525-n3e2", "summary": "HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33876.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22961", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33876" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T16:01:59Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-33876" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ze1t-z525-n3e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72355?format=api", "vulnerability_id": "VCID-zeyd-2fwn-87bh", "summary": "HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29157.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38219", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38222", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29157" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861", "reference_id": "1070861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037", "reference_id": "2280037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280037" }, { "reference_url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/", "reference_id": "new-hdf5-cve-issues-fixed-in-1-14-4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T16:06:11Z/" } ], "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3801", "reference_id": "RHSA-2025:3801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3801" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/98395?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98393?format=api", "purl": "pkg:deb/debian/hdf5@1.14.5%2Brepack-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/98392?format=api", "purl": "pkg:deb/debian/hdf5@1.14.6%2Brepack-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.6%252Brepack-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29157" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zeyd-2fwn-87bh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.14.5%252Brepack-3%3Fdistro=trixie" }