SB2018092014 - Multiple vulnerabilities in HDF5
Published: September 20, 2018 Updated: March 9, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Division by zero (CVE-ID: CVE-2018-17438)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in the H5D__select_io() function of H5Dselect.c in the HDF HDF5. A remote attacker can trick the victim into opening a specially crafted HDF file and perform a denial of service attack.
2) Resource exhaustion (CVE-ID: CVE-2018-17437)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5. A remote attacker can trick the victim into opening a specially crafted HDF5 file and perform a denial of service attack.
3) Out-of-bounds write (CVE-ID: CVE-2018-17436)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error in the ReadCode() function in decompress.c in the HDF HDF5. A remote attacker can trick the victim into opening specially crafted HDF file, trigger out-of-bounds write, and perform a denial of service attack.
4) Out-of-bounds read (CVE-ID: CVE-2018-17435)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the H5O_attr_decode() function in H5Oattr.c in the HDF HDF5 when converting an HDF file to GIF file. A remote attacker can trick the victim into opening a specially crafted HDF5 file and perform a denial of service attack.
5) Division by zero (CVE-ID: CVE-2018-17434)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in the function apply_filters() of h5repack_filters.c in the HDF HDF5. A remote attacker can trick the victim into opening specially crafted HDF file and perform a denial of service attack.
6) Heap-based buffer overflow (CVE-ID: CVE-2018-17433)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error in ReadGifImageDesc() in gifread.c in the HDF HDF5 when converting a GIF file to an HDF file. A remote attacker can trick the victim into opening a specially crafted HDF5 file and perform a denial of service attack.
7) NULL pointer dereference (CVE-ID: CVE-2018-17432)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5. A remote attacker can trick the victim into opening specially crafted HDF5 file and perform a denial of service attack.
8) Division by zero (CVE-ID: CVE-2018-17237)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5. A remote attacker can trick the victim into opening a specially crafted HDF file and perform a denial of service attack.
9) Resource exhaustion (CVE-ID: CVE-2018-17234)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5. A remote attacker can trick the victim into opening a specially crafted HDF5 file and perform a denial of service attack.
10) Division by zero (CVE-ID: CVE-2018-17233)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in the H5D__create_chunk_file_map_hyper() function of H5Dchunk.c in the HDF HDF5 . A remote attacker can trick the victim into opening specially crafted HDF file and perform a denial of service attack.
Remediation
Install update from vendor's website.
References
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
- https://bugzilla.redhat.com/show_bug.cgi?id=1634139
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
- https://bugzilla.redhat.com/show_bug.cgi?id=1634129
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
- https://bugzilla.redhat.com/show_bug.cgi?id=1634125
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
- https://bugzilla.redhat.com/show_bug.cgi?id=1634121
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
- https://bugzilla.redhat.com/show_bug.cgi?id=1634118
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
- https://bugzilla.redhat.com/show_bug.cgi?id=1634115
- https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
- https://bugzilla.redhat.com/show_bug.cgi?id=1633860
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
- https://bugzilla.redhat.com/show_bug.cgi?id=1633856
- https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
- https://bugzilla.redhat.com/show_bug.cgi?id=1633853