Bug 661156 (CVE-2018-14031, CVE-2018-14032, CVE-2018-14033, CVE-2018-14034, CVE-2018-14035)

Summary:	sci-libs/hdf: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	minor	CC:	sci
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [??]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2018-07-14 16:28:42 UTC

CVE-2018-14035 (https://nvd.nist.gov/vuln/detail/CVE-2018-14035):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.

CVE-2018-14034 (https://nvd.nist.gov/vuln/detail/CVE-2018-14034):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of
  bounds read in the function H5O_pline_reset in H5Opline.c.

CVE-2018-14033 (https://nvd.nist.gov/vuln/detail/CVE-2018-14033):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5O_layout_decode in
  H5Olayout.c, related to HDmemcpy.

CVE-2018-14032 (https://nvd.nist.gov/vuln/detail/CVE-2018-14032):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5O_fill_new_decode in
  H5Ofill.c, related to HDmemcpy.

CVE-2018-14031 (https://nvd.nist.gov/vuln/detail/CVE-2018-14031):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5T_copy in H5T.c.

Comment 1 John Helmert III archtester

2022-08-11 01:59:06 UTC

Seems like PoCs are public, but need to comb through them to see if any were ever fixed. https://github.com/TeamSeri0us/pocs/tree/master/hdf5