OESA-2024-2409

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2409
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-2409.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-2409
Upstream
Published
2024-11-15T12:20:23Z
Modified
2025-08-12T05:43:11.122599Z
Summary
hdf5 security update
Details

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.

Security Fix(es):

HDF5 through 1.14.3 contains a buffer overflow in H5O_linfodecode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29166)

HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5toolsstrsprint in tools/lib/h5toolsstr.c (called from h5toolsdumpsimpledata in tools/lib/h5tools_dump.c).(CVE-2024-32606)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS / hdf5

Package

Name
hdf5
Purl
pkg:rpm/openEuler/hdf5&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.5-1.oe2403

Ecosystem specific 

{
    "x86_64": [
        "hdf5-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-debuginfo-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-debugsource-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-devel-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-mpich-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-mpich-devel-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-mpich-static-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-openmpi-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64.rpm",
        "hdf5-openmpi-static-1.14.5-1.oe2403.x86_64.rpm"
    ],
    "src": [
        "hdf5-1.14.5-1.oe2403.src.rpm"
    ],
    "aarch64": [
        "hdf5-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-debuginfo-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-debugsource-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-devel-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-mpich-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-mpich-devel-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-mpich-static-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-openmpi-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64.rpm",
        "hdf5-openmpi-static-1.14.5-1.oe2403.aarch64.rpm"
    ]
}