OESA-2024-2339

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2339
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-2339.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-2339
Upstream
Published
2024-11-08T15:06:55Z
Modified
2025-08-12T05:34:28.057768Z
Summary
hdf5 security update
Details

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.

Security Fix(es):

An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.(CVE-2018-13871)

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.(CVE-2018-13875)

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.(CVE-2018-14034)

HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29157)

HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29158)

HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29159)

HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29160)

HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29161)

HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.(CVE-2024-29162)

HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29163)

HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29164)

HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29165)

HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).(CVE-2024-32605)

HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.(CVE-2024-32607)

HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-32608)

HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.(CVE-2024-32609)

HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.(CVE-2024-32610)

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.(CVE-2024-32611)

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.(CVE-2024-32612)

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.(CVE-2024-32613)

HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.(CVE-2024-32614)

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.(CVE-2024-32615)

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.(CVE-2024-32616)

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).(CVE-2024-32617)

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.(CVE-2024-32618)

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.(CVE-2024-32619)

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.(CVE-2024-32620)

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.(CVE-2024-32621)

HDF5 Library through 1.14.3 contains an out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).(CVE-2024-32622)

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).(CVE-2024-32623)

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.(CVE-2024-32624)

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.(CVE-2024-33873)

HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.(CVE-2024-33874)

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.(CVE-2024-33875)

HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.(CVE-2024-33876)

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.(CVE-2024-33877)

Database specific
{
    "severity": "Critical"
}
References

Affected packages

openEuler:22.03-LTS-SP1 / hdf5

Package

Name
hdf5
Purl
pkg:rpm/openEuler/hdf5&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.14.5-1.oe2203sp1

Ecosystem specific

{
    "src": [
        "hdf5-1.14.5-1.oe2203sp1.src.rpm"
    ],
    "x86_64": [
        "hdf5-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-debuginfo-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-debugsource-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-devel-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-mpich-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-mpich-devel-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-mpich-static-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-openmpi-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-openmpi-devel-1.14.5-1.oe2203sp1.x86_64.rpm",
        "hdf5-openmpi-static-1.14.5-1.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "hdf5-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-debuginfo-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-debugsource-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-devel-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-mpich-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-mpich-devel-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-mpich-static-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-openmpi-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-openmpi-devel-1.14.5-1.oe2203sp1.aarch64.rpm",
        "hdf5-openmpi-static-1.14.5-1.oe2203sp1.aarch64.rpm"
    ]
}