Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-8396

Опубликовано: 17 фев. 2019
Источник: debian

Описание

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

Пакеты

ПакетСтатусВерсия исправленияРелизТип
hdf5fixed1.14.5+repack-1package
hdf5no-dsabusterpackage

Примечания

  • https://github.com/magicSwordsMan/PAAFS/tree/master/vul4

  • https://jira.hdfgroup.org/browse/HDFFV-10712

  • HDFFV-10712 is marked to be closed in a future 1.10.8 upstream release.

  • Upstream fix was made in May 2021 after the 1.12.0 release (Mar 2020)

  • HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722

Связанные уязвимости

ubuntu логотип

CVE-2019-8396

CVSS3: 6.5
ubuntu
почти 7 лет назад

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

redhat логотип

CVE-2019-8396

CVSS3: 5.5
redhat
около 7 лет назад

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

nvd логотип

CVE-2019-8396

CVSS3: 6.5
nvd
почти 7 лет назад

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

github логотип

GHSA-h653-rw9w-9phr

CVSS3: 6.5
github
больше 3 лет назад

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

fstec логотип

BDU:2025-07698

CVSS3: 6.5
fstec
почти 7 лет назад

Уязвимость функции H5O__layout_encode компонента H5Olayout.c библиотеки обработки HDF файлов HDF5, позволяющая нарушителю вызвать отказ в обслуживании