CVE-2017-17505 - In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline

CVE-2017-17505

Summary

In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

References

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md

Vulnerable Configurations

cpe:2.3:a:hdfgroup:hdf5:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:hdfgroup:hdf5:1.10.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-12-2017 - 20:36)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc

https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md

Last major update

19-12-2017 - 20:36

Published

11-12-2017 - 03:29

Last modified

19-12-2017 - 20:36