OESA-2023-1987

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1987

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1987.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1987

Upstream

CVE-2018-17433

CVE-2018-17436

CVE-2020-10809

Published

2023-12-29T11:06:37Z

Modified

2025-08-12T05:03:54.180939Z

Summary

hdf5 security update

Details

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.

Security Fix(es):

A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.(CVE-2018-17433)

ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.(CVE-2018-17436)

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.(CVE-2020-10809)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP3 / hdf5

Package

Name: hdf5
Purl: pkg:rpm/openEuler/hdf5&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.1-4.oe1

Ecosystem specific

{
    "src": [
        "hdf5-1.12.1-4.oe1.src.rpm"
    ],
    "x86_64": [
        "hdf5-debugsource-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-debuginfo-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-devel-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-openmpi-static-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-mpich-static-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-openmpi-devel-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-mpich-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-mpich-devel-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-1.12.1-4.oe1.x86_64.rpm",
        "hdf5-openmpi-1.12.1-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "hdf5-openmpi-static-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-mpich-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-openmpi-devel-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-devel-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-mpich-static-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-debuginfo-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-mpich-devel-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-openmpi-1.12.1-4.oe1.aarch64.rpm",
        "hdf5-debugsource-1.12.1-4.oe1.aarch64.rpm"
    ]
}