CVE-2024-32624

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Trefmemsetnull in H5Tref.c (called from H5Tconv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.

Database specific

{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32624.json",
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "1.14.3"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/hdfgroup/hdf5

Affected ranges

Type

GIT

Repo

https://github.com/hdfgroup/hdf5

Events

Introduced

Fixed

88429b015e29c59de604b0f552001fb7cb7ed5d0

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.14.4"
        }
    ]
}

Affected versions

Other

before_removing_docs

before_removing_fphdf5

before_removing_mpiposix_vfd

before_removing_tbbt_code

before_signed_unsigned_changes

hdf5-1_0_0

hdf5-1_0_0-alpha2

hdf5-1_0_1

hdf5-1_13_0-rc1

hdf5-1_13_0-rc2

hdf5-1_13_0-rc3

hdf5-1_13_0-rc4

hdf5-1_13_0-rc5

hdf5-1_13_0-rc6

hdf5-1_2_0

hdf5-1_2_0-beta1-update2

hdf5-1_2_0beta

hdf5-1_2_1

hdf5-1_3_0

hdf5-1_3_1

hdf5-1_4_0

hdf5-1_4_1

hdf5-1_6_0

hdf5-1_6_1

hdf5-1_6_2

hdf5-1_8_0-alpha2

hdf5-1_8_0-alpha3

hdf5-1_8_0-alpha4

hdf5-1_8_0-beta1

hdf5-1_8_0-beta2

hdf5-1_8_0-beta3

hdf5-1_8_0-beta4

hdf5-1_8_0-beta5

hdf5-1_9-start

proto1

r1_1beta1

vms_last_support_trunk

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32624.json"