Heap Buffer Overflow Vulnerability in HDF5 Library
CVE-2024-33874

9.8CRITICAL

Key Information:

Vendor: The HDF Group
Status: Hdf5
Vendor: CVE Published:; 14 May 2024

🔔 Create The HDF Group Vulnerability Alert

What is CVE-2024-33874?

The HDF5 Library has been identified to contain a heap buffer overflow in the function H5O__mtime_new_encode, located within the source file H5Omtime.c. This vulnerability can potentially be exploited under specific conditions, allowing for unauthorized access or manipulation of memory resources. Users are recommended to update to version 1.14.4 or later to mitigate risks associated with this vulnerability and enhance the security of their systems.

References

https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024