CVE-2018-17434

EUVD-2018-9187
A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
hdfgrouphdf5
𝑥
≤ 1.10.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hdf5
bookworm
1.10.8+repack1-1
fixed
bullseye
1.10.6+repack-4+deb11u1
fixed
jessie
ignored
sid
1.10.10+repack-4
fixed
stretch
no-dsa
trixie
1.10.10+repack-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
hdf5
bionic
needed
cosmic
ignored
disco
ignored
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needed
xenial
needed
Common Weakness Enumeration
References
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html