Heap-based Buffer Overflow in HDF5 Library Affecting Multiple Versions
CVE-2024-32619

7.4HIGH

Key Information:

Vendor: HDF Group
Status: Hdf5
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-32619?

The HDF5 Library through version 1.14.3 is susceptible to a heap-based buffer overflow vulnerability occurring in the H5T_copy_reopen function within H5T.c. This vulnerability can lead to the corruption of the instruction pointer, which may allow attackers to execute arbitrary code or compromise system integrity. Users employing affected versions of the HDF5 Library are advised to upgrade to version 1.14.4 or later to mitigate potential security threats.

References

https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixe...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024

HDF Group

What is CVE-2024-32619?

References

CVSS V3.1

Timeline