[Secure-testing-commits] r58573 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 14 14:31:49 UTC 2017 

Author: carnil
Date: 2017-12-14 14:31:49 +0000 (Thu, 14 Dec 2017)
New Revision: 58573

Modified:
   data/CVE/list
Log:
Add references for pocs for hdf5 issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-14 13:27:40 UTC (rev 58572)
+++ data/CVE/list	2017-12-14 14:31:49 UTC (rev 58573)
@@ -2487,22 +2487,27 @@
 CVE-2017-17509 (In HDF5 1.10.1, there is an out of bounds write vulnerability in the ...)
 	- hdf5 <unfixed>
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
+	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/5-hdf5-heap-overflow-H5G__ent_decode_vec
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function ...)
 	- hdf5 <unfixed>
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
+	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/1-hdf5-divbyzero-H5T_set_loc
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
 	- hdf5 <unfixed>
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
+	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
 	- hdf5 <unfixed>
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
+	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/4-hdf5-outbound-read-H5Opline_pline_decode
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the function ...)
 	- hdf5 <unfixed>
 	[wheezy] - hdf5 <no-dsa> (Minor issue)
+	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
 	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
 	- imagemagick <unfixed>

More information about the Secure-testing-commits mailing list