CVE-2024-29159

9.8 CRITICAL

📋 TL;DR

CVE-2024-29159 is a critical buffer overflow vulnerability in HDF5's scaleoffset filter that can corrupt the instruction pointer. This allows attackers to cause denial of service or potentially execute arbitrary code. Any application using HDF5 libraries to process untrusted HDF5 files is affected.

💻 Affected Systems

Products:
  • HDF5 library
  • Applications using HDF5 libraries
Versions: HDF5 versions through 1.14.3
Operating Systems: All platforms running HDF5
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing HDF5 files with scaleoffset compression filter enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Denial of service through application crashes when processing malicious HDF5 files.

🟢 If Mitigated

Application crashes without code execution if exploit mitigations like ASLR are effective.

🌐 Internet-Facing: HIGH - Applications accepting HDF5 files from external sources are directly vulnerable.
🏢 Internal Only: MEDIUM - Internal systems processing HDF5 files from untrusted sources remain at risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HDF5 files; no authentication needed to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HDF5 1.14.4

Vendor Advisory: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

Restart Required: Yes

Instructions:

1. Download HDF5 1.14.4 from hdfgroup.org.
2. Uninstall vulnerable HDF5 versions.
3. Install HDF5 1.14.4.
4. Recompile applications against patched library.
5. Restart affected services.

🔧 Temporary Workarounds

Disable scaleoffset filter (all platforms)

Prevent processing of HDF5 files that use the vulnerable scaleoffset compression filter.

# Configure applications to reject HDF5 files with scaleoffset filter

🧯 If You Can't Patch

  • Implement strict input validation to reject untrusted HDF5 files
  • Deploy application sandboxing or containerization to limit exploit impact

🔍 How to Verify

Check if Vulnerable:

Check the HDF5 library version with h5dump --version, or run ldd on application binaries to see which HDF5 library they load.

Check Version:

h5dump --version

Verify Fix Applied:

Verify HDF5 version is 1.14.4 or later and applications are linked against patched library
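
The version check above, scripted as an added example (not code from the HDF Group or from the original page): it parses a tool's version line and classifies it against the 1.14.4 fix. The "h5dump: Version X.Y.Z" line format, the function names and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example: classify an HDF5 release against CVE-2024-29159.
# From the page: affected through 1.14.3, fixed in 1.14.4.
FIXED_MAJOR=1; FIXED_MINOR=14; FIXED_PATCH=4

# Pull the first X.Y.Z triple out of a line such as
# "h5dump: Version 1.14.3" (this output format is an assumption).
hdf5_extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print VULNERABLE, FIXED or UNKNOWN for one version line.
hdf5_cve_status() {
    ver=$(hdf5_extract_version "$1")
    if [ -z "$ver" ]; then echo UNKNOWN; return 0; fi
    old_ifs=$IFS; IFS=.
    set -- $ver            # split X.Y.Z into $1 $2 $3
    IFS=$old_ifs
    if   [ "$1" -lt "$FIXED_MAJOR" ]; then echo VULNERABLE
    elif [ "$1" -gt "$FIXED_MAJOR" ]; then echo FIXED
    elif [ "$2" -lt "$FIXED_MINOR" ]; then echo VULNERABLE
    elif [ "$2" -gt "$FIXED_MINOR" ]; then echo FIXED
    elif [ "$3" -lt "$FIXED_PATCH" ]; then echo VULNERABLE
    else echo FIXED
    fi
}

# Constructed sample lines. For a live check, call:
#   hdf5_cve_status "$(h5dump --version 2>&1)"
for line in 'h5dump: Version 1.14.3' 'h5dump: Version 1.14.4-3' \
            'h5dump: Version 1.10.11' 'no version here'; do
    printf '%-28s %s\n' "$line" "$(hdf5_cve_status "$line")"
done
```

The result describes only the library the queried tool was built with, so repeat the check for each application that ships or links its own copy. A distribution package that backports the fix keeps an older upstream version number; confirm against the package changelog in that case.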

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unexpected process termination when processing HDF5 files

Network Indicators:

  • Inbound HDF5 file transfers to vulnerable services

SIEM Query:

process.name: (h5dump OR application) AND event.action: crash
