Heap Buffer Overflow Vulnerability in HDF5 Library
CVE-2024-33876

5.7 MEDIUM

Key Information:

Vendor: HDF Group

Status
Vendor
CVE Published: 14 May 2024

What is CVE-2024-33876?

The HDF5 Library, widely used for managing complex data, contains a heap buffer overflow vulnerability in the H5S__point_deserialize function, located in H5Spoint.c. The issue affects versions up to 1.14.3 and can lead to data corruption and manipulation. Users of the HDF5 Library are advised to upgrade to version 1.14.4 or later to mitigate this vulnerability.

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
