Bug#884365: hdf5: CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509

Salvatore Bonaccorso carnil at debian.org
Thu Dec 14 15:17:51 UTC 2017 

Source: hdf5
Version: 1.8.13+docs-1
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for hdf5, the POCs are
found at [5]. Apart of CVE-2017-17509, all are confirmed back to
1.8.13+decs-15+deb8u1, still decided to collect that CVE as well in
this bug, but we can split up by affected version. Not sure as well if
the issues have been reported to upstream.

CVE-2017-17505[0]:
| In HDF5 1.10.1, there is a NULL pointer dereference in the function
| H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example,
| h5dump would crash when someone opens a crafted hdf5 file.

CVE-2017-17506[1]:
| In HDF5 1.10.1, there is an out of bounds read vulnerability in the
| function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example,
| h5dump would crash when someone opens a crafted hdf5 file.

CVE-2017-17507[2]:
| In HDF5 1.10.1, there is an out of bounds read vulnerability in the
| function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example,
| h5dump would crash when someone opens a crafted hdf5 file.

CVE-2017-17508[3]:
| In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function
| H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would
| crash when someone opens a crafted hdf5 file.

CVE-2017-17509[4]:
| In HDF5 1.10.1, there is an out of bounds write vulnerability in the
| function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example,
| h5dump would crash or possibly have unspecified other impact someone
| opens a crafted hdf5 file.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17505
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505
[1] https://security-tracker.debian.org/tracker/CVE-2017-17506
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506
[2] https://security-tracker.debian.org/tracker/CVE-2017-17507
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507
[3] https://security-tracker.debian.org/tracker/CVE-2017-17508
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508
[4] https://security-tracker.debian.org/tracker/CVE-2017-17509
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509
[5] https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md

Regards,
Salvatore

More information about the Pkg-grass-devel mailing list