OESA-2023-1328
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1328.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1328
- Upstream
- Published
- 2023-06-03T11:05:21Z
- Modified
- 2025-08-12T05:03:51.198549Z
- Summary
- hdf5 security update
- Details
-
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.
Security Fix(es):
A buffer overflow in H5O_layoutencode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."(CVE-2019-8396)
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F_accumread in H5Faccum.c.(CVE-2018-13867)
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olayoutdecode in H5Olayout.c, related to HDmemcpy.(CVE-2018-14033)
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Osdspacedecode in H5Osdspace.c.(CVE-2018-14460)
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O_layoutdecode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.(CVE-2020-10811)
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5toolsstrsprint in /hdf5/tools/lib/h5tools_str.c.(CVE-2021-37501)
- Database specific
{ "severity": "Critical" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1328
- https://nvd.nist.gov/vuln/detail/CVE-2019-8396
- https://nvd.nist.gov/vuln/detail/CVE-2018-13867
- https://nvd.nist.gov/vuln/detail/CVE-2018-14033
- https://nvd.nist.gov/vuln/detail/CVE-2018-14460
- https://nvd.nist.gov/vuln/detail/CVE-2020-10811
- https://nvd.nist.gov/vuln/detail/CVE-2021-37501
Affected packages
openEuler:20.03-LTS-SP1 / hdf5
Package
- Name
- hdf5
- Purl
- pkg:rpm/openEuler/hdf5&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.12.1-2.oe1
Ecosystem specific
{
"src": [
"hdf5-1.12.1-2.oe1.src.rpm"
],
"x86_64": [
"hdf5-devel-1.12.1-2.oe1.x86_64.rpm",
"hdf5-debuginfo-1.12.1-2.oe1.x86_64.rpm",
"hdf5-1.12.1-2.oe1.x86_64.rpm",
"hdf5-debugsource-1.12.1-2.oe1.x86_64.rpm"
],
"aarch64": [
"hdf5-1.12.1-2.oe1.aarch64.rpm",
"hdf5-devel-1.12.1-2.oe1.aarch64.rpm",
"hdf5-debugsource-1.12.1-2.oe1.aarch64.rpm",
"hdf5-debuginfo-1.12.1-2.oe1.aarch64.rpm"
]
}