On Thu, 14 Dec 2017 16:17:51 +0100 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: hdf5
> Version: 1.8.13+docs-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerabilities were published for hdf5, the POCs are
> found at [5]. Apart of CVE-2017-17509, all are confirmed back to
> 1.8.13+decs-15+deb8u1, still decided to collect that CVE as well in
> this bug, but we can split up by affected version. Not sure as well if
> the issues have been reported to upstream.
>
> CVE-2017-17505[0]:
> | In HDF5 1.10.1, there is a NULL pointer dereference in the function
> | H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example,
> | h5dump would crash when someone opens a crafted hdf5 file.
>
> CVE-2017-17506[1]:
> | In HDF5 1.10.1, there is an out of bounds read vulnerability in the
> | function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example,
> | h5dump would crash when someone opens a crafted hdf5 file.
>
> CVE-2017-17507[2]:
> | In HDF5 1.10.1, there is an out of bounds read vulnerability in the
> | function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example,
> | h5dump would crash when someone opens a crafted hdf5 file.
>
> CVE-2017-17508[3]:
> | In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function
> | H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would
> | crash when someone opens a crafted hdf5 file.
>
> CVE-2017-17509[4]:
> | In HDF5 1.10.1, there is an out of bounds write vulnerability in the
> | function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example,
> | h5dump would crash or possibly have unspecified other impact someone
> | opens a crafted hdf5 file.

CVE-2017-17505, CVE-2017-17506, CVE-2017-17508 and CVE-2017-17509 are
fixed in upstream release 1.10.2 [1].

Regarding CVE-2017-17507, upstream release notes for release 1.10.2
state [1]:

> NOTE: The HDF5 C library cannot produce such a file. This condition
> should only occur in a corrupt (or deliberately altered) file
> or a file created by third-party software.
>
> THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME
>
> Fixing this problem would involve updating the publicly visible
> H5T_conv_t function pointer typedef and versioning the API calls
> which use it. We normally only modify the public API during
> major releases, so this bug will not be fixed at this time.
>
> (DER - 2018/02/26, HDFFV-10356)

[1] https://confluence.hdfgroup.org/display/support/HDF5+1.10.2

Thanks,
_g.