CVE-2018-17237 Information

Description

A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.mddivided-by-zero—h5d__chunk_set_info_real_div_by_zero

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5