Heap-based Buffer Overflow in HDF5 Library
CVE-2024-32618

7.4HIGH

Key Information:

Status
Vendor
CVE Published:
14 May 2024

What is CVE-2024-32618?

The HDF5 Library, specifically in versions up to and including 1.14.3, has a vulnerability that involves a heap-based buffer overflow in the H5T__get_native_type function located in H5Tnative.c. This vulnerability may lead to the corruption of the instruction pointer, posing significant risks to application integrity and stability. Users of affected versions are strongly advised to upgrade to version 1.14.4 or later to mitigate potential security issues.

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-32618 : Heap-based Buffer Overflow in HDF5 Library