CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-32611

CVSS 9.8v3.1pub. 2024-05-14upd. 2025-04-18

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.

🤖 AI Analysis
How it works

The vulnerability results from improper memory initialization (CWE-908, CWE-457) — the library may read or use a value from a variable whose content has not been previously set correctly. The H5A__attr_release_table function responsible for releasing the attribute table may operate on data from an uninitialized memory area. Such an error can be triggered by processing a specially crafted HDF5 file that forces the library to execute the vulnerable code path.

Impact

An attacker could potentially gain unauthorized access to data in memory, compromise the integrity of processed information, or cause application failure. In the worst case, the error could enable remote code execution (RCE) in the context of a process using the library.

Mitigation & patch

The HDF5 library should be updated to version 1.14.4 or later, where the error has been fixed according to vendor information available at: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

Who is affected

HDF5 Library in versions up to and including 1.14.3 (Hdfgroup HDF5 through 1.14.3).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hdfgroup Hdf5

    APP
    Hdfgroup
    < 1.14.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-32608CRITICAL9.8PL ✓ten sam produkt

Podatność RCE/DoS w bibliotece HDF5 — uszkodzenie pamięci w H5A__close

CVE-2024-29164CRITICAL9.8PL ✓ten sam produkt

Stack buffer overflow w HDF5 — RCE lub DoS przez uszkodzenie wskaźnika instrukcji

CVE-2024-29157CRITICAL9.8PL ✓ten sam produkt

HDF5: heap buffer overflow w H5HG_read umożliwiający RCE lub DoS

CVE-2024-29159CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w HDF5 H5Z__filter_scaleoffset – RCE lub DoS

CVE-2024-32615CRITICAL9.8PL ✓ten sam produkt

HDF5 Library: heap-based buffer overflow w dekompresji nbit