Heap-based Buffer Over-read in HDF5 Library Affects Multiple Products
CVE-2024-32612

7.4 HIGH

Key Information:

Vendor: HDF Group

Status
Vendor
CVE Published: 14 May 2024

What is CVE-2024-32612?

The HDF5 Library, up to version 1.14.3, contains a heap-based buffer over-read in the function H5HL__fl_deserialize in the file H5HLcache.c. The over-read can lead to unintended modification of the instruction pointer, exposing applications that use the HDF5 Library to instability and exploitation risk. The vulnerability is addressed in version 1.14.4; users of the library should update to that version or later.

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published