
Bug 661156 (CVE-2018-14031, CVE-2018-14032, CVE-2018-14033, CVE-2018-14034, CVE-2018-14035)

Summary: sci-libs/hdf: Multiple vulnerabilities
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: sci
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [??]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-07-14 16:28:42 UTC
CVE-2018-14035 (https://nvd.nist.gov/vuln/detail/CVE-2018-14035):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.

CVE-2018-14034 (https://nvd.nist.gov/vuln/detail/CVE-2018-14034):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of
  bounds read in the function H5O_pline_reset in H5Opline.c.

CVE-2018-14033 (https://nvd.nist.gov/vuln/detail/CVE-2018-14033):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5O_layout_decode in
  H5Olayout.c, related to HDmemcpy.

CVE-2018-14032 (https://nvd.nist.gov/vuln/detail/CVE-2018-14032):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5O_fill_new_decode in
  H5Ofill.c, related to HDmemcpy.

CVE-2018-14031 (https://nvd.nist.gov/vuln/detail/CVE-2018-14031):
  An issue was discovered in the HDF HDF5 1.8.20 library. There is a
  heap-based buffer over-read in the function H5T_copy in H5T.c.

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-11 01:59:06 UTC
Seems like PoCs are public, but need to comb through them to see if any were ever fixed. https://github.com/TeamSeri0us/pocs/tree/master/hdf5