[Secure-testing-commits] r58573 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 14 14:31:49 UTC 2017
Author: carnil
Date: 2017-12-14 14:31:49 +0000 (Thu, 14 Dec 2017)
New Revision: 58573
Modified:
data/CVE/list
Log:
Add references for pocs for hdf5 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-14 13:27:40 UTC (rev 58572)
+++ data/CVE/list 2017-12-14 14:31:49 UTC (rev 58573)
@@ -2487,22 +2487,27 @@
CVE-2017-17509 (In HDF5 1.10.1, there is an out of bounds write vulnerability in the ...)
- hdf5 <unfixed>
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/5-hdf5-heap-overflow-H5G__ent_decode_vec
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function ...)
- hdf5 <unfixed>
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/1-hdf5-divbyzero-H5T_set_loc
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
- hdf5 <unfixed>
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
- hdf5 <unfixed>
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/4-hdf5-outbound-read-H5Opline_pline_decode
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the function ...)
- hdf5 <unfixed>
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
- imagemagick <unfixed>
More information about the Secure-testing-commits
mailing list