Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678264 (CVE-2019-8396, CVE-2019-8397, CVE-2019-8398) - <sci-libs/hdf5-1.10.5: multiple vulnerabilities
Summary: <sci-libs/hdf5-1.10.5: multiple vulnerabilities
Alias: CVE-2019-8396, CVE-2019-8397, CVE-2019-8398
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2019-02-18 03:00 UTC by D'juan McDonald (domhnall)
Modified: 2019-08-02 00:25 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2019-02-18 03:00:24 UTC


A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."




An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.




An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.


Gentoo Security Padawan
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-05-18 19:46:16 UTC
@arches, please stabilize.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-05-19 18:07:21 UTC
x86 stable
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-05-19 20:33:57 UTC
amd64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2019-05-22 08:13:09 UTC
ia64 stable
Comment 5 Larry the Git Cow gentoo-dev 2019-06-04 07:53:11 UTC
The bug has been referenced in the following commit(s):

commit bfbe154ccb9626e3e4fe12077e932062e9cc2446
Author:     Tobias Klausmann <>
AuthorDate: 2019-06-04 07:52:21 +0000
Commit:     Tobias Klausmann <>
CommitDate: 2019-06-04 07:52:36 +0000

    sci-libs/hdf5-1.10.5-r0: alpha stable
    Signed-off-by: Tobias Klausmann <>

 sci-libs/hdf5/hdf5-1.10.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 Agostino Sarubbo gentoo-dev 2019-06-04 10:59:41 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-06-05 07:13:24 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-06-08 18:16:03 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Andreas Sturmlechner gentoo-dev 2019-06-16 05:45:58 UTC
Incidental cleanup in commit df2c62a10c80eb73d5c12bf143ae1c2c2321d980.