Heap Buffer Overflow Vulnerability in HDF5 Software
CVE-2024-29157

9.8CRITICAL

Key Information:

Vendor: The HDF Group
Status: Hdf5
Vendor: CVE Published:; 14 May 2024

🔔 Create The HDF Group Vulnerability Alert

What is CVE-2024-29157?

HDF5 versions up to 1.14.3 are susceptible to a heap buffer overflow in the H5HG_read function. This vulnerability can lead to the corruption of the instruction pointer, resulting in denial of service or allowing for potential code execution. It is essential for users to upgrade to version 1.14.4 or later to mitigate the risks associated with this security flaw. Refer to relevant sources for further information on patches and updates.

References

https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024