Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HDF5: H5T__conv_struct Use After Free
Vulnerability Description
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
释放后使用
Vulnerability Title
HDF5 资源管理错误漏洞
Vulnerability Description
HDF5是HDF开源的一个库。 HDF5 1.14.1-2及之前版本存在资源管理错误漏洞,该漏洞源于h5dump辅助工具中存在堆释放后重用,攻击者提供恶意h5文件可能触发堆释放后重用,导致在H5T__conv_struct的memmove调用中引用已释放对象。
CVSS Information
N/A
Vulnerability Type
N/A