Heap-Based Buffer Overflow in HDF5 Library Affecting Multiple Products
CVE-2024-32615

9.8CRITICAL

Key Information:

Vendor: The HDF Group
Status: Hdf5
Vendor: CVE Published:; 14 May 2024

🔔 Create The HDF Group Vulnerability Alert

What is CVE-2024-32615?

The HDF5 Library, through version 1.14.3, contains a vulnerability characterized by a heap-based buffer overflow. This issue originates from improper management of an initialized pointer in the H5Z__nbit_decompress_one_byte function found in H5Znbit.c. Exploitation of this vulnerability may lead to unintended behaviors, potentially impacting the confidentiality and integrity of affected systems. Users and administrators are encouraged to upgrade to version 1.14.4 or later to mitigate this issue effectively.

References

https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024