Search for packages
| purl | pkg:deb/debian/hdf5@1.6.2-3 |
| Next non-vulnerable version | 1.14.5+repack-3 |
| Latest non-vulnerable version | 1.14.5+repack-3 |
| Risk | 3.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2xcu-cxdq-b3hb
Aliases: CVE-2018-17234 |
Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. |
Affected by 59 other vulnerabilities. |
|
VCID-59vv-6fa4-ckfh
Aliases: CVE-2017-17509 |
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file. |
Affected by 6 other vulnerabilities. |
|
VCID-88vu-rux2-xfa8
Aliases: CVE-2016-4333 |
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it. |
Affected by 18 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-ae73-ha67-tqgm
Aliases: CVE-2018-17237 |
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. |
Affected by 59 other vulnerabilities. |
|
VCID-afg8-hmzq-xbf2
Aliases: CVE-2018-11203 |
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
Affected by 6 other vulnerabilities. |
|
VCID-amvr-fecp-rkdr
Aliases: CVE-2016-4332 |
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. |
Affected by 18 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-bqwb-uc25-6ucm
Aliases: CVE-2017-17506 |
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
Affected by 6 other vulnerabilities. |
|
VCID-bv3t-82cc-qfd8
Aliases: CVE-2018-17434 |
A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
Affected by 59 other vulnerabilities. |
|
VCID-c1z9-d33b-w3e6
Aliases: CVE-2016-4331 |
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution. |
Affected by 18 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-chka-ff1j-gqe3
Aliases: CVE-2018-11204 |
A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
Affected by 6 other vulnerabilities. |
|
VCID-cy3q-7n3v-xbgr
Aliases: CVE-2018-17437 |
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. |
Affected by 59 other vulnerabilities. |
|
VCID-dypw-pp9q-bycr
Aliases: CVE-2018-17233 |
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
Affected by 59 other vulnerabilities. |
|
VCID-e3j2-wght-wbaq
Aliases: CVE-2018-11207 |
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
Affected by 6 other vulnerabilities. |
|
VCID-e4qy-jb8b-dkgg
Aliases: CVE-2018-17438 |
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
Affected by 59 other vulnerabilities. |
|
VCID-hnkh-k2sk-gqaq
Aliases: CVE-2018-11202 |
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
Affected by 6 other vulnerabilities. |
|
VCID-mkse-aj8h-2fd4
Aliases: CVE-2017-17505 |
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
Affected by 6 other vulnerabilities. |
|
VCID-uzzm-mpfp-s7gv
Aliases: CVE-2017-17508 |
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
Affected by 6 other vulnerabilities. |
|
VCID-ycz8-g88h-7fhs
Aliases: CVE-2016-4330 |
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution. |
Affected by 18 other vulnerabilities. Affected by 14 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||