Heap-Based Buffer Overflow in HDF5 Library Affecting Various Implementations
CVE-2024-32624

CVSS 7.4 HIGH

Key Information:

Vendor: HDF Group

CVE Published: 14 May 2024

What is CVE-2024-32624?

The HDF5 Library, a widely used data management library, contains a heap-based buffer overflow in the function H5T__ref_mem_setnull. The flaw is reached through specific calls made in the H5T__conv_ref function and results in memory corruption. Exploitation could allow unauthorized manipulation of the instruction pointer, posing a risk to data integrity and system stability. Users are advised to update to version 1.14.4 or later to mitigate this vulnerability.

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
