hdf5/CVE_list_1_14.md at 2549afc840468e924cfcb5398cd18cc4e7db4359

mirror of https://github.com/HDFGroup/hdf5.git synced 2025-02-17 16:10:24 +08:00

This makes the lines shorter to keep CVE numbers on one line instead of breaking
them into three lines.

2023-09-25 10:41:44 -07:00

10 KiB

Raw Blame History

CVE issue number	1.14.0	1.14.1	1.14.2	1.14.3
CVE-2022-26061	UNT (3)	UNT (3)	UNT (3)	UNT (3)
CVE-2022-25972	UNT (3)	UNT (3)	UNT (3)	UNT (3)
CVE-2022-25942	UNT (3)	UNT (3)	UNT (3)	UNT (3)
CVE-2021-46244	✅	✅	✅	✅
CVE-2021-46243	✅	✅	✅	✅
CVE-2021-46242	✅	✅	✅	✅
CVE-2021-45833	✅	✅	✅	✅
CVE-2021-45832	UNT (1)	UNT (1)	UNT (1)	UNT (1)
CVE-2021-45830	✅	✅	✅	✅
CVE-2021-45829	✅	✅	✅	✅
CVE-2021-37501	❌	✅	✅	✅
CVE-2021-36977	✅	✅	✅	✅
CVE-2021-31009	N/A (2)	N/A (2)	N/A (2)	N/A (2)
CVE-2020-10812	✅	✅	✅	✅
CVE-2020-10811	✅	✅	✅	✅
CVE-2020-10810	✅	✅	✅	✅
CVE-2020-10809	✅	✅	✅	✅
CVE-2019-9152	✅	✅	✅	✅
CVE-2019-9151	✅	✅	✅	✅
CVE-2019-8398	✅	✅	✅	✅
CVE-2019-8397	✅	✅	✅	✅
CVE-2019-8396	✅	✅	✅	✅
CVE-2018-17439	✅	✅	✅	✅
CVE-2018-17438	✅	✅	✅	✅
CVE-2018-17437	✅	✅	✅	✅
CVE-2018-17436	✅	✅	✅	✅
CVE-2018-17435	✅	✅	✅	✅
CVE-2018-17434	✅	✅	✅	✅
CVE-2018-17433	✅	✅	✅	✅
CVE-2018-17432	✅	✅	✅	✅
CVE-2018-17237	✅	✅	✅	✅
CVE-2018-17234	✅	✅	✅	✅
CVE-2018-17233	✅	✅	✅	✅
CVE-2018-16438	✅	✅	✅	✅
CVE-2018-15672	✅	✅	✅	✅
CVE-2018-15671	❌	❌	❌	✅
CVE-2018-14460	✅	✅	✅	✅
CVE-2018-14035	✅	✅	✅	✅
CVE-2018-14034	✅	✅	✅	✅
CVE-2018-14033	✅	✅	✅	✅
CVE-2018-14031	✅	✅	✅	✅
CVE-2018-13876	✅	✅	✅	✅
CVE-2018-13875	✅	✅	✅	✅
CVE-2018-13874	✅	✅	✅	✅
CVE-2018-13873	✅	✅	✅	✅
CVE-2018-13872	✅	✅	✅	✅
CVE-2018-13871	❌	✅	✅	✅
CVE-2018-13870	✅	✅	✅	✅
CVE-2018-13869	✅	✅	✅	✅
CVE-2018-13868	✅	✅	✅	✅
CVE-2018-13867	❌	❌	✅	✅
CVE-2018-13866	❌	✅	✅	✅
CVE-2018-11207	✅	✅	✅	✅
CVE-2018-11206	✅	✅	✅	✅
CVE-2018-11205	❌	✅	✅	✅
CVE-2018-11204	✅	✅	✅	✅
CVE-2018-11203	✅	✅	✅	✅
CVE-2018-11202	❌	❌	✅	✅
CVE-2017-17509	✅	✅	✅	✅
CVE-2017-17508	✅	✅	✅	✅
CVE-2017-17507	❌	❌	✅	✅
CVE-2017-17506	✅	✅	✅	✅
CVE-2017-17505	✅	✅	✅	✅
CVE-2016-4333	✅	✅	✅	✅
CVE-2016-4332	❌	❌	❌	✅
CVE-2016-4331	✅	✅	✅	✅
CVE-2016-4330	✅	✅	✅	✅

NOTES

"UNT" denotes "UNTESTED"

CVE-2021-45832 has no known proof of vulnerability file. The H5E code that could produce an infinite loop has been reworked, but without a vulnerable file or test program it's difficult to tell if this issue has been fixed. The stack trace provided with the CVE only contains part of the trace, so we don't even know the entry point into the library.
CVE-2021-31009 is not a specific vulnerability against HDF5.
CVE-2022-25942, CVE-2022-25972, and CVE-2022-26061 are not tested. Those vulnerabilities involve the high-level GIF tools and can be avoided by disabling those tools at build time.

10 KiB Raw Blame History

NOTES

10 KiB

Raw Blame History