{"url":"http://public2.vulnerablecode.io/api/packages/280906?format=json","purl":"pkg:deb/debian/hdf5@1.6.6-4","type":"deb","namespace":"debian","name":"hdf5","version":"1.6.6-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.14.5+repack-3","latest_non_vulnerable_version":"1.14.5+repack-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72319?format=json","vulnerability_id":"VCID-2xcu-cxdq-b3hb","summary":"Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17234.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17234.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17234","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32349","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32419","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633856","reference_id":"1633856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633856"},{"reference_url":"https://usn.ubuntu.com/USN-5272-1/","reference_id":"USN-USN-5272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195413?format=json","purl":"pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qt2-92gt-f3fk"},{"vulnerability":"VCID-2r6p-322p-37dm"},{"vulnerability":"VCID-4kz9-zrss-83bx"},{"vulnerability":"VCID-5v4u-uu83-sqc8"},{"vulnerability":"VCID-7xfq-w24m-yugw"},{"vulnerability":"VCID-89j8-dfkx-2bhs"},{"vulnerability":"VCID-8aac-7mgq-h7a4"},{"vulnerability":"VCID-8df1-wt32-pqa6"},{"vulnerability":"VCID-8dhg-t7wf-v3ah"},{"vulnerability":"VCID-8jym-e7p3-7qgg"},{"vulnerability":"VCID-adzd-m4tm-v3f8"},{"vulnerability":"VCID-ajuw-pqtu-mygw"},{"vulnerability":"VCID-bhy6-usxm-h7a4"},{"vulnerability":"VCID-c2d5-k2pu-m3ba"},{"vulnerability":"VCID-c54w-b13w-uke7"},{"vulnerability":"VCID-caba-jf2d-yubt"},{"vulnerability":"VCID-d9fr-59ax-vya4"},{"vulnerability":"VCID-dmz7-rekk-1bax"},{"vulnerability":"VCID-e4aq-y2zm-tybp"},{"vulnerability":"VCID-euh2-g5tb-kyc7"},{"vulnerability":"VCID-evc7-d6mz-dqh7"},{"vulnerability":"VCID-g4wu-fszp-sbcp"},{"vulnerability":"VCID-h2q3-ub28-9ygd"},{"vulnerability":"VCID-hguc-e36x-kkfj"},{"vulnerability":"VCID-j2ck-xmvp-h7f7"},{"vulnerability":"VCID-jeu6-8nb9-d3ep"},{"vulnerability":"VCID-jgjd-n5m8-cbbk"},{"vulnerability":"VCID-kpny-jvxd-h7df"},{"vulnerability":"VCID-kx1u-3t7h-tyhb"},{"vulnerability":"VCID-mgev-h4d6-g3c9"},{"vulnerability":"VCID-mkrz-w4u4-tuaj"},{"vulnerability":"VCID-n1ag-bkf2-uyd8"},{"vulnerability":"VCID-n3sz-bxsj-dfbw"},{"vulnerability":"VCID-p3f9-9fu6-cbff"},{"vulnerability":"VCID-p78p-43n3-yqgg"},{"vulnerability":"VCID-pmtb-wxmw-2yh2"},{"vulnerability":"VCID-ppqc-1vsd-1qg6"},{"vulnerability":"VCID-qr98-8n65-eue6"},{"vulnerability":"VCID-qttu-atch-hkcq"},{"vulnerability":"VCID-qzz2-61s2-bkca"},{"vulnerability":"VCID-rr9y-73f6-ybab"},{"vulnerability":"VCID-rwu5-z6rj-uye7"},{"vulnerability":"VCID-s161-wyhp-e3hw"},{"vulnerability":"VCID-tba6-aqxs-nqgm"},{"vulnerability":"VCID-td2e-qeam-fucf"},{"vulnerability":"VCID-ua6h-y2bc-jqdy"},{"vulnerability":"VCID-uhhu-7sbk-gqaf"},{"vulnerability":"VCID-untx-ks69-4yc3"},{"vulnerability":"VCID-usd5-mpjq-fkgm"},{"vulnerability":"VCID-vaam-cd2s-pkh3"},{"vulnerability":"VCID-vf8n-vse9-4qh3"},{"vulnerability":"VCID-vf9h-vkm4-afgk"},{"vulnerability":"VCID-vn8s-gm5x-eqbd"},{"vulnerability":"VCID-wez5-unzz-kudq"},{"vulnerability":"VCID-wt1r-6349-v7at"},{"vulnerability":"VCID-x85j-52ep-z7a4"},{"vulnerability":"VCID-xnb3-ch5w-d3bt"},{"vulnerability":"VCID-ze1t-z525-n3e2"},{"vulnerability":"VCID-zeyd-2fwn-87bh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1"}],"aliases":["CVE-2018-17234"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xcu-cxdq-b3hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72284?format=json","vulnerability_id":"VCID-59vv-6fa4-ckfh","summary":"In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17509.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17509.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17509","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59499","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59549","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524911","reference_id":"1524911","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524911"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365","reference_id":"884365","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2017-17509"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59vv-6fa4-ckfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72277?format=json","vulnerability_id":"VCID-88vu-rux2-xfa8","summary":"The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4333.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4333","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48473","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48536","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397708","reference_id":"1397708","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397708"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301","reference_id":"845301","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301"},{"reference_url":"https://security.gentoo.org/glsa/201701-13","reference_id":"GLSA-201701-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/280910?format=json","purl":"pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-88vu-rux2-xfa8"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-amvr-fecp-rkdr"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-c1z9-d33b-w3e6"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"},{"vulnerability":"VCID-ycz8-g88h-7fhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/516764?format=json","purl":"pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1"}],"aliases":["CVE-2016-4333"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88vu-rux2-xfa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72320?format=json","vulnerability_id":"VCID-ae73-ha67-tqgm","summary":"A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17237.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17237.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17237","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33416","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33517","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633860","reference_id":"1633860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633860"},{"reference_url":"https://usn.ubuntu.com/USN-5272-1/","reference_id":"USN-USN-5272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195413?format=json","purl":"pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qt2-92gt-f3fk"},{"vulnerability":"VCID-2r6p-322p-37dm"},{"vulnerability":"VCID-4kz9-zrss-83bx"},{"vulnerability":"VCID-5v4u-uu83-sqc8"},{"vulnerability":"VCID-7xfq-w24m-yugw"},{"vulnerability":"VCID-89j8-dfkx-2bhs"},{"vulnerability":"VCID-8aac-7mgq-h7a4"},{"vulnerability":"VCID-8df1-wt32-pqa6"},{"vulnerability":"VCID-8dhg-t7wf-v3ah"},{"vulnerability":"VCID-8jym-e7p3-7qgg"},{"vulnerability":"VCID-adzd-m4tm-v3f8"},{"vulnerability":"VCID-ajuw-pqtu-mygw"},{"vulnerability":"VCID-bhy6-usxm-h7a4"},{"vulnerability":"VCID-c2d5-k2pu-m3ba"},{"vulnerability":"VCID-c54w-b13w-uke7"},{"vulnerability":"VCID-caba-jf2d-yubt"},{"vulnerability":"VCID-d9fr-59ax-vya4"},{"vulnerability":"VCID-dmz7-rekk-1bax"},{"vulnerability":"VCID-e4aq-y2zm-tybp"},{"vulnerability":"VCID-euh2-g5tb-kyc7"},{"vulnerability":"VCID-evc7-d6mz-dqh7"},{"vulnerability":"VCID-g4wu-fszp-sbcp"},{"vulnerability":"VCID-h2q3-ub28-9ygd"},{"vulnerability":"VCID-hguc-e36x-kkfj"},{"vulnerability":"VCID-j2ck-xmvp-h7f7"},{"vulnerability":"VCID-jeu6-8nb9-d3ep"},{"vulnerability":"VCID-jgjd-n5m8-cbbk"},{"vulnerability":"VCID-kpny-jvxd-h7df"},{"vulnerability":"VCID-kx1u-3t7h-tyhb"},{"vulnerability":"VCID-mgev-h4d6-g3c9"},{"vulnerability":"VCID-mkrz-w4u4-tuaj"},{"vulnerability":"VCID-n1ag-bkf2-uyd8"},{"vulnerability":"VCID-n3sz-bxsj-dfbw"},{"vulnerability":"VCID-p3f9-9fu6-cbff"},{"vulnerability":"VCID-p78p-43n3-yqgg"},{"vulnerability":"VCID-pmtb-wxmw-2yh2"},{"vulnerability":"VCID-ppqc-1vsd-1qg6"},{"vulnerability":"VCID-qr98-8n65-eue6"},{"vulnerability":"VCID-qttu-atch-hkcq"},{"vulnerability":"VCID-qzz2-61s2-bkca"},{"vulnerability":"VCID-rr9y-73f6-ybab"},{"vulnerability":"VCID-rwu5-z6rj-uye7"},{"vulnerability":"VCID-s161-wyhp-e3hw"},{"vulnerability":"VCID-tba6-aqxs-nqgm"},{"vulnerability":"VCID-td2e-qeam-fucf"},{"vulnerability":"VCID-ua6h-y2bc-jqdy"},{"vulnerability":"VCID-uhhu-7sbk-gqaf"},{"vulnerability":"VCID-untx-ks69-4yc3"},{"vulnerability":"VCID-usd5-mpjq-fkgm"},{"vulnerability":"VCID-vaam-cd2s-pkh3"},{"vulnerability":"VCID-vf8n-vse9-4qh3"},{"vulnerability":"VCID-vf9h-vkm4-afgk"},{"vulnerability":"VCID-vn8s-gm5x-eqbd"},{"vulnerability":"VCID-wez5-unzz-kudq"},{"vulnerability":"VCID-wt1r-6349-v7at"},{"vulnerability":"VCID-x85j-52ep-z7a4"},{"vulnerability":"VCID-xnb3-ch5w-d3bt"},{"vulnerability":"VCID-ze1t-z525-n3e2"},{"vulnerability":"VCID-zeyd-2fwn-87bh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1"}],"aliases":["CVE-2018-17237"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ae73-ha67-tqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72288?format=json","vulnerability_id":"VCID-afg8-hmzq-xbf2","summary":"A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11203.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11203","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70014","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70055","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579951","reference_id":"1579951","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579951"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2018-11203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afg8-hmzq-xbf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72276?format=json","vulnerability_id":"VCID-amvr-fecp-rkdr","summary":"The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4332.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4332.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4332","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28896","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28967","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397707","reference_id":"1397707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397707"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301","reference_id":"845301","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301"},{"reference_url":"https://security.gentoo.org/glsa/201701-13","reference_id":"GLSA-201701-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/280910?format=json","purl":"pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-88vu-rux2-xfa8"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-amvr-fecp-rkdr"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-c1z9-d33b-w3e6"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"},{"vulnerability":"VCID-ycz8-g88h-7fhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/516764?format=json","purl":"pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1"}],"aliases":["CVE-2016-4332"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amvr-fecp-rkdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72280?format=json","vulnerability_id":"VCID-bqwb-uc25-6ucm","summary":"In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17506.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17506","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6306","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63104","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:P"},{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524907","reference_id":"1524907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524907"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365","reference_id":"884365","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365"},{"reference_url":"https://usn.ubuntu.com/USN-4817-1/","reference_id":"USN-USN-4817-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4817-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2017-17506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqwb-uc25-6ucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72324?format=json","vulnerability_id":"VCID-bv3t-82cc-qfd8","summary":"A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17434.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17434","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52418","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52478","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634121","reference_id":"1634121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195413?format=json","purl":"pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qt2-92gt-f3fk"},{"vulnerability":"VCID-2r6p-322p-37dm"},{"vulnerability":"VCID-4kz9-zrss-83bx"},{"vulnerability":"VCID-5v4u-uu83-sqc8"},{"vulnerability":"VCID-7xfq-w24m-yugw"},{"vulnerability":"VCID-89j8-dfkx-2bhs"},{"vulnerability":"VCID-8aac-7mgq-h7a4"},{"vulnerability":"VCID-8df1-wt32-pqa6"},{"vulnerability":"VCID-8dhg-t7wf-v3ah"},{"vulnerability":"VCID-8jym-e7p3-7qgg"},{"vulnerability":"VCID-adzd-m4tm-v3f8"},{"vulnerability":"VCID-ajuw-pqtu-mygw"},{"vulnerability":"VCID-bhy6-usxm-h7a4"},{"vulnerability":"VCID-c2d5-k2pu-m3ba"},{"vulnerability":"VCID-c54w-b13w-uke7"},{"vulnerability":"VCID-caba-jf2d-yubt"},{"vulnerability":"VCID-d9fr-59ax-vya4"},{"vulnerability":"VCID-dmz7-rekk-1bax"},{"vulnerability":"VCID-e4aq-y2zm-tybp"},{"vulnerability":"VCID-euh2-g5tb-kyc7"},{"vulnerability":"VCID-evc7-d6mz-dqh7"},{"vulnerability":"VCID-g4wu-fszp-sbcp"},{"vulnerability":"VCID-h2q3-ub28-9ygd"},{"vulnerability":"VCID-hguc-e36x-kkfj"},{"vulnerability":"VCID-j2ck-xmvp-h7f7"},{"vulnerability":"VCID-jeu6-8nb9-d3ep"},{"vulnerability":"VCID-jgjd-n5m8-cbbk"},{"vulnerability":"VCID-kpny-jvxd-h7df"},{"vulnerability":"VCID-kx1u-3t7h-tyhb"},{"vulnerability":"VCID-mgev-h4d6-g3c9"},{"vulnerability":"VCID-mkrz-w4u4-tuaj"},{"vulnerability":"VCID-n1ag-bkf2-uyd8"},{"vulnerability":"VCID-n3sz-bxsj-dfbw"},{"vulnerability":"VCID-p3f9-9fu6-cbff"},{"vulnerability":"VCID-p78p-43n3-yqgg"},{"vulnerability":"VCID-pmtb-wxmw-2yh2"},{"vulnerability":"VCID-ppqc-1vsd-1qg6"},{"vulnerability":"VCID-qr98-8n65-eue6"},{"vulnerability":"VCID-qttu-atch-hkcq"},{"vulnerability":"VCID-qzz2-61s2-bkca"},{"vulnerability":"VCID-rr9y-73f6-ybab"},{"vulnerability":"VCID-rwu5-z6rj-uye7"},{"vulnerability":"VCID-s161-wyhp-e3hw"},{"vulnerability":"VCID-tba6-aqxs-nqgm"},{"vulnerability":"VCID-td2e-qeam-fucf"},{"vulnerability":"VCID-ua6h-y2bc-jqdy"},{"vulnerability":"VCID-uhhu-7sbk-gqaf"},{"vulnerability":"VCID-untx-ks69-4yc3"},{"vulnerability":"VCID-usd5-mpjq-fkgm"},{"vulnerability":"VCID-vaam-cd2s-pkh3"},{"vulnerability":"VCID-vf8n-vse9-4qh3"},{"vulnerability":"VCID-vf9h-vkm4-afgk"},{"vulnerability":"VCID-vn8s-gm5x-eqbd"},{"vulnerability":"VCID-wez5-unzz-kudq"},{"vulnerability":"VCID-wt1r-6349-v7at"},{"vulnerability":"VCID-x85j-52ep-z7a4"},{"vulnerability":"VCID-xnb3-ch5w-d3bt"},{"vulnerability":"VCID-ze1t-z525-n3e2"},{"vulnerability":"VCID-zeyd-2fwn-87bh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1"}],"aliases":["CVE-2018-17434"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bv3t-82cc-qfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72275?format=json","vulnerability_id":"VCID-c1z9-d33b-w3e6","summary":"When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4331.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4331.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4331","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63984","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64026","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397704","reference_id":"1397704","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397704"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301","reference_id":"845301","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301"},{"reference_url":"https://security.gentoo.org/glsa/201701-13","reference_id":"GLSA-201701-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/280910?format=json","purl":"pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-88vu-rux2-xfa8"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-amvr-fecp-rkdr"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-c1z9-d33b-w3e6"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"},{"vulnerability":"VCID-ycz8-g88h-7fhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/516764?format=json","purl":"pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1"}],"aliases":["CVE-2016-4331"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1z9-d33b-w3e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72290?format=json","vulnerability_id":"VCID-chka-ff1j-gqe3","summary":"A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11204.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11204","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58454","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.585","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579955","reference_id":"1579955","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2018-11204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chka-ff1j-gqe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72332?format=json","vulnerability_id":"VCID-cy3q-7n3v-xbgr","summary":"Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17437.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17437.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17437","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33676","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33777","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634132","reference_id":"1634132","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634132"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195413?format=json","purl":"pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qt2-92gt-f3fk"},{"vulnerability":"VCID-2r6p-322p-37dm"},{"vulnerability":"VCID-4kz9-zrss-83bx"},{"vulnerability":"VCID-5v4u-uu83-sqc8"},{"vulnerability":"VCID-7xfq-w24m-yugw"},{"vulnerability":"VCID-89j8-dfkx-2bhs"},{"vulnerability":"VCID-8aac-7mgq-h7a4"},{"vulnerability":"VCID-8df1-wt32-pqa6"},{"vulnerability":"VCID-8dhg-t7wf-v3ah"},{"vulnerability":"VCID-8jym-e7p3-7qgg"},{"vulnerability":"VCID-adzd-m4tm-v3f8"},{"vulnerability":"VCID-ajuw-pqtu-mygw"},{"vulnerability":"VCID-bhy6-usxm-h7a4"},{"vulnerability":"VCID-c2d5-k2pu-m3ba"},{"vulnerability":"VCID-c54w-b13w-uke7"},{"vulnerability":"VCID-caba-jf2d-yubt"},{"vulnerability":"VCID-d9fr-59ax-vya4"},{"vulnerability":"VCID-dmz7-rekk-1bax"},{"vulnerability":"VCID-e4aq-y2zm-tybp"},{"vulnerability":"VCID-euh2-g5tb-kyc7"},{"vulnerability":"VCID-evc7-d6mz-dqh7"},{"vulnerability":"VCID-g4wu-fszp-sbcp"},{"vulnerability":"VCID-h2q3-ub28-9ygd"},{"vulnerability":"VCID-hguc-e36x-kkfj"},{"vulnerability":"VCID-j2ck-xmvp-h7f7"},{"vulnerability":"VCID-jeu6-8nb9-d3ep"},{"vulnerability":"VCID-jgjd-n5m8-cbbk"},{"vulnerability":"VCID-kpny-jvxd-h7df"},{"vulnerability":"VCID-kx1u-3t7h-tyhb"},{"vulnerability":"VCID-mgev-h4d6-g3c9"},{"vulnerability":"VCID-mkrz-w4u4-tuaj"},{"vulnerability":"VCID-n1ag-bkf2-uyd8"},{"vulnerability":"VCID-n3sz-bxsj-dfbw"},{"vulnerability":"VCID-p3f9-9fu6-cbff"},{"vulnerability":"VCID-p78p-43n3-yqgg"},{"vulnerability":"VCID-pmtb-wxmw-2yh2"},{"vulnerability":"VCID-ppqc-1vsd-1qg6"},{"vulnerability":"VCID-qr98-8n65-eue6"},{"vulnerability":"VCID-qttu-atch-hkcq"},{"vulnerability":"VCID-qzz2-61s2-bkca"},{"vulnerability":"VCID-rr9y-73f6-ybab"},{"vulnerability":"VCID-rwu5-z6rj-uye7"},{"vulnerability":"VCID-s161-wyhp-e3hw"},{"vulnerability":"VCID-tba6-aqxs-nqgm"},{"vulnerability":"VCID-td2e-qeam-fucf"},{"vulnerability":"VCID-ua6h-y2bc-jqdy"},{"vulnerability":"VCID-uhhu-7sbk-gqaf"},{"vulnerability":"VCID-untx-ks69-4yc3"},{"vulnerability":"VCID-usd5-mpjq-fkgm"},{"vulnerability":"VCID-vaam-cd2s-pkh3"},{"vulnerability":"VCID-vf8n-vse9-4qh3"},{"vulnerability":"VCID-vf9h-vkm4-afgk"},{"vulnerability":"VCID-vn8s-gm5x-eqbd"},{"vulnerability":"VCID-wez5-unzz-kudq"},{"vulnerability":"VCID-wt1r-6349-v7at"},{"vulnerability":"VCID-x85j-52ep-z7a4"},{"vulnerability":"VCID-xnb3-ch5w-d3bt"},{"vulnerability":"VCID-ze1t-z525-n3e2"},{"vulnerability":"VCID-zeyd-2fwn-87bh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1"}],"aliases":["CVE-2018-17437"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cy3q-7n3v-xbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72318?format=json","vulnerability_id":"VCID-dypw-pp9q-bycr","summary":"A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17233.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17233","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50915","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50977","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633853","reference_id":"1633853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633853"},{"reference_url":"https://usn.ubuntu.com/USN-5272-1/","reference_id":"USN-USN-5272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195413?format=json","purl":"pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qt2-92gt-f3fk"},{"vulnerability":"VCID-2r6p-322p-37dm"},{"vulnerability":"VCID-4kz9-zrss-83bx"},{"vulnerability":"VCID-5v4u-uu83-sqc8"},{"vulnerability":"VCID-7xfq-w24m-yugw"},{"vulnerability":"VCID-89j8-dfkx-2bhs"},{"vulnerability":"VCID-8aac-7mgq-h7a4"},{"vulnerability":"VCID-8df1-wt32-pqa6"},{"vulnerability":"VCID-8dhg-t7wf-v3ah"},{"vulnerability":"VCID-8jym-e7p3-7qgg"},{"vulnerability":"VCID-adzd-m4tm-v3f8"},{"vulnerability":"VCID-ajuw-pqtu-mygw"},{"vulnerability":"VCID-bhy6-usxm-h7a4"},{"vulnerability":"VCID-c2d5-k2pu-m3ba"},{"vulnerability":"VCID-c54w-b13w-uke7"},{"vulnerability":"VCID-caba-jf2d-yubt"},{"vulnerability":"VCID-d9fr-59ax-vya4"},{"vulnerability":"VCID-dmz7-rekk-1bax"},{"vulnerability":"VCID-e4aq-y2zm-tybp"},{"vulnerability":"VCID-euh2-g5tb-kyc7"},{"vulnerability":"VCID-evc7-d6mz-dqh7"},{"vulnerability":"VCID-g4wu-fszp-sbcp"},{"vulnerability":"VCID-h2q3-ub28-9ygd"},{"vulnerability":"VCID-hguc-e36x-kkfj"},{"vulnerability":"VCID-j2ck-xmvp-h7f7"},{"vulnerability":"VCID-jeu6-8nb9-d3ep"},{"vulnerability":"VCID-jgjd-n5m8-cbbk"},{"vulnerability":"VCID-kpny-jvxd-h7df"},{"vulnerability":"VCID-kx1u-3t7h-tyhb"},{"vulnerability":"VCID-mgev-h4d6-g3c9"},{"vulnerability":"VCID-mkrz-w4u4-tuaj"},{"vulnerability":"VCID-n1ag-bkf2-uyd8"},{"vulnerability":"VCID-n3sz-bxsj-dfbw"},{"vulnerability":"VCID-p3f9-9fu6-cbff"},{"vulnerability":"VCID-p78p-43n3-yqgg"},{"vulnerability":"VCID-pmtb-wxmw-2yh2"},{"vulnerability":"VCID-ppqc-1vsd-1qg6"},{"vulnerability":"VCID-qr98-8n65-eue6"},{"vulnerability":"VCID-qttu-atch-hkcq"},{"vulnerability":"VCID-qzz2-61s2-bkca"},{"vulnerability":"VCID-rr9y-73f6-ybab"},{"vulnerability":"VCID-rwu5-z6rj-uye7"},{"vulnerability":"VCID-s161-wyhp-e3hw"},{"vulnerability":"VCID-tba6-aqxs-nqgm"},{"vulnerability":"VCID-td2e-qeam-fucf"},{"vulnerability":"VCID-ua6h-y2bc-jqdy"},{"vulnerability":"VCID-uhhu-7sbk-gqaf"},{"vulnerability":"VCID-untx-ks69-4yc3"},{"vulnerability":"VCID-usd5-mpjq-fkgm"},{"vulnerability":"VCID-vaam-cd2s-pkh3"},{"vulnerability":"VCID-vf8n-vse9-4qh3"},{"vulnerability":"VCID-vf9h-vkm4-afgk"},{"vulnerability":"VCID-vn8s-gm5x-eqbd"},{"vulnerability":"VCID-wez5-unzz-kudq"},{"vulnerability":"VCID-wt1r-6349-v7at"},{"vulnerability":"VCID-x85j-52ep-z7a4"},{"vulnerability":"VCID-xnb3-ch5w-d3bt"},{"vulnerability":"VCID-ze1t-z525-n3e2"},{"vulnerability":"VCID-zeyd-2fwn-87bh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1"}],"aliases":["CVE-2018-17233"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dypw-pp9q-bycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72300?format=json","vulnerability_id":"VCID-e3j2-wght-wbaq","summary":"A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11207.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11207","reference_id":"","reference_type":"","scores":[{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75513","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75541","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579961","reference_id":"1579961","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579961"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2018-11207"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3j2-wght-wbaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72334?format=json","vulnerability_id":"VCID-e4qy-jb8b-dkgg","summary":"A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17438.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17438","reference_id":"","reference_type":"","scores":[{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58393","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634139","reference_id":"1634139","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195413?format=json","purl":"pkg:deb/debian/hdf5@1.10.6%2Brepack-4%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qt2-92gt-f3fk"},{"vulnerability":"VCID-2r6p-322p-37dm"},{"vulnerability":"VCID-4kz9-zrss-83bx"},{"vulnerability":"VCID-5v4u-uu83-sqc8"},{"vulnerability":"VCID-7xfq-w24m-yugw"},{"vulnerability":"VCID-89j8-dfkx-2bhs"},{"vulnerability":"VCID-8aac-7mgq-h7a4"},{"vulnerability":"VCID-8df1-wt32-pqa6"},{"vulnerability":"VCID-8dhg-t7wf-v3ah"},{"vulnerability":"VCID-8jym-e7p3-7qgg"},{"vulnerability":"VCID-adzd-m4tm-v3f8"},{"vulnerability":"VCID-ajuw-pqtu-mygw"},{"vulnerability":"VCID-bhy6-usxm-h7a4"},{"vulnerability":"VCID-c2d5-k2pu-m3ba"},{"vulnerability":"VCID-c54w-b13w-uke7"},{"vulnerability":"VCID-caba-jf2d-yubt"},{"vulnerability":"VCID-d9fr-59ax-vya4"},{"vulnerability":"VCID-dmz7-rekk-1bax"},{"vulnerability":"VCID-e4aq-y2zm-tybp"},{"vulnerability":"VCID-euh2-g5tb-kyc7"},{"vulnerability":"VCID-evc7-d6mz-dqh7"},{"vulnerability":"VCID-g4wu-fszp-sbcp"},{"vulnerability":"VCID-h2q3-ub28-9ygd"},{"vulnerability":"VCID-hguc-e36x-kkfj"},{"vulnerability":"VCID-j2ck-xmvp-h7f7"},{"vulnerability":"VCID-jeu6-8nb9-d3ep"},{"vulnerability":"VCID-jgjd-n5m8-cbbk"},{"vulnerability":"VCID-kpny-jvxd-h7df"},{"vulnerability":"VCID-kx1u-3t7h-tyhb"},{"vulnerability":"VCID-mgev-h4d6-g3c9"},{"vulnerability":"VCID-mkrz-w4u4-tuaj"},{"vulnerability":"VCID-n1ag-bkf2-uyd8"},{"vulnerability":"VCID-n3sz-bxsj-dfbw"},{"vulnerability":"VCID-p3f9-9fu6-cbff"},{"vulnerability":"VCID-p78p-43n3-yqgg"},{"vulnerability":"VCID-pmtb-wxmw-2yh2"},{"vulnerability":"VCID-ppqc-1vsd-1qg6"},{"vulnerability":"VCID-qr98-8n65-eue6"},{"vulnerability":"VCID-qttu-atch-hkcq"},{"vulnerability":"VCID-qzz2-61s2-bkca"},{"vulnerability":"VCID-rr9y-73f6-ybab"},{"vulnerability":"VCID-rwu5-z6rj-uye7"},{"vulnerability":"VCID-s161-wyhp-e3hw"},{"vulnerability":"VCID-tba6-aqxs-nqgm"},{"vulnerability":"VCID-td2e-qeam-fucf"},{"vulnerability":"VCID-ua6h-y2bc-jqdy"},{"vulnerability":"VCID-uhhu-7sbk-gqaf"},{"vulnerability":"VCID-untx-ks69-4yc3"},{"vulnerability":"VCID-usd5-mpjq-fkgm"},{"vulnerability":"VCID-vaam-cd2s-pkh3"},{"vulnerability":"VCID-vf8n-vse9-4qh3"},{"vulnerability":"VCID-vf9h-vkm4-afgk"},{"vulnerability":"VCID-vn8s-gm5x-eqbd"},{"vulnerability":"VCID-wez5-unzz-kudq"},{"vulnerability":"VCID-wt1r-6349-v7at"},{"vulnerability":"VCID-x85j-52ep-z7a4"},{"vulnerability":"VCID-xnb3-ch5w-d3bt"},{"vulnerability":"VCID-ze1t-z525-n3e2"},{"vulnerability":"VCID-zeyd-2fwn-87bh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.6%252Brepack-4%252Bdeb11u1"}],"aliases":["CVE-2018-17438"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4qy-jb8b-dkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72285?format=json","vulnerability_id":"VCID-hnkh-k2sk-gqaq","summary":"A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11202.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11202","reference_id":"","reference_type":"","scores":[{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.80231","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01323","scoring_system":"epss","scoring_elements":"0.80255","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579946","reference_id":"1579946","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579946"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2018-11202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnkh-k2sk-gqaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72279?format=json","vulnerability_id":"VCID-mkse-aj8h-2fd4","summary":"In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17505.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17505","reference_id":"","reference_type":"","scores":[{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63175","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.6322","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524906","reference_id":"1524906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524906"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365","reference_id":"884365","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365"},{"reference_url":"https://usn.ubuntu.com/USN-4817-1/","reference_id":"USN-USN-4817-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4817-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2017-17505"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkse-aj8h-2fd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72283?format=json","vulnerability_id":"VCID-uzzm-mpfp-s7gv","summary":"In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17508.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17508","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6306","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63104","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524910","reference_id":"1524910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524910"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365","reference_id":"884365","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884365"},{"reference_url":"https://usn.ubuntu.com/USN-4817-1/","reference_id":"USN-USN-4817-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4817-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516765?format=json","purl":"pkg:deb/debian/hdf5@1.10.4%2Brepack-10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.4%252Brepack-10"}],"aliases":["CVE-2017-17508"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzzm-mpfp-s7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72273?format=json","vulnerability_id":"VCID-ycz8-g88h-7fhs","summary":"In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4330.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4330","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63565","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63608","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397701","reference_id":"1397701","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397701"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301","reference_id":"845301","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845301"},{"reference_url":"https://security.gentoo.org/glsa/201701-13","reference_id":"GLSA-201701-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/280910?format=json","purl":"pkg:deb/debian/hdf5@1.8.13%2Bdocs-15%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-88vu-rux2-xfa8"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-amvr-fecp-rkdr"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-c1z9-d33b-w3e6"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"},{"vulnerability":"VCID-ycz8-g88h-7fhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.8.13%252Bdocs-15%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/516764?format=json","purl":"pkg:deb/debian/hdf5@1.10.0-patch1%2Bdocs-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xcu-cxdq-b3hb"},{"vulnerability":"VCID-59vv-6fa4-ckfh"},{"vulnerability":"VCID-ae73-ha67-tqgm"},{"vulnerability":"VCID-afg8-hmzq-xbf2"},{"vulnerability":"VCID-bqwb-uc25-6ucm"},{"vulnerability":"VCID-bv3t-82cc-qfd8"},{"vulnerability":"VCID-chka-ff1j-gqe3"},{"vulnerability":"VCID-cy3q-7n3v-xbgr"},{"vulnerability":"VCID-dypw-pp9q-bycr"},{"vulnerability":"VCID-e3j2-wght-wbaq"},{"vulnerability":"VCID-e4qy-jb8b-dkgg"},{"vulnerability":"VCID-hnkh-k2sk-gqaq"},{"vulnerability":"VCID-mkse-aj8h-2fd4"},{"vulnerability":"VCID-uzzm-mpfp-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.10.0-patch1%252Bdocs-3%252Bdeb9u1"}],"aliases":["CVE-2016-4330"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ycz8-g88h-7fhs"}],"fixing_vulnerabilities":[],"risk_score":"3.9","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hdf5@1.6.6-4"}