CVE-2024-29161

8.8 HIGH

📋 TL;DR

CVE-2024-29161 is a heap buffer overflow vulnerability in HDF5 library versions through 1.14.3 that can corrupt the instruction pointer when processing HDF5 files. This allows attackers to cause denial of service or potentially execute arbitrary code by providing malicious HDF5 files. Any application or system using vulnerable HDF5 libraries to process untrusted HDF5 files is affected.

💻 Affected Systems

Products:
  • HDF5 library
  • Applications using HDF5 libraries
Versions: HDF5 versions through 1.14.3
Operating Systems: All platforms running HDF5
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable HDF5 libraries is affected when processing HDF5 files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the process using HDF5, potentially leading to full system compromise.

🟠 Likely Case: Denial of service through application crashes when processing malicious HDF5 files.

🟢 If Mitigated: Limited impact with proper sandboxing and input validation, though crashes may still occur.

🌐 Internet-Facing: MEDIUM - Risk exists if applications process user-uploaded HDF5 files, but requires specific file processing.
🏢 Internal Only: LOW - Typically requires local access or specific workflows involving HDF5 file processing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HDF5 files and getting them processed by vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HDF5 1.14.4

Vendor Advisory: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

Restart Required: Yes

Instructions:

1. Download HDF5 1.14.4 from the official HDF Group website.
2. Replace the existing HDF5 installation with the patched version.
3. Recompile any applications using HDF5 libraries.
4. Restart affected services.

🔧 Temporary Workarounds

Input Validation (all platforms)

Implement strict validation of HDF5 files before processing

Sandboxing (linux)

Run HDF5 processing in isolated containers or sandboxes

docker run --read-only --security-opt=no-new-privileges -v /safe/input:/input:ro your_app

🧯 If You Can't Patch

  • Implement strict file upload controls and validation for HDF5 files
  • Isolate HDF5 processing to dedicated systems with minimal privileges

🔍 How to Verify

Check if Vulnerable:

Check HDF5 library version: h5dump --version or check linked libraries in applications

Check Version:

h5dump --version 2>/dev/null | head -1

Verify Fix Applied:

Verify HDF5 version is 1.14.4 or later. This command matches 1.14.4 itself; later releases need a numeric version comparison: h5dump --version | grep -qF '1.14.4'
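
A literal match on 1.14.4 cannot confirm "1.14.4 or later", so the sketch below compares the version numerically against the fixed release. It is an added example, not from the advisory or the HDF Group; the function names are hypothetical and the sample strings are constructed.

```sh
#!/bin/sh
# Added example: classify an HDF5 release string against the fixed version
# named on this page (1.14.4). Function names here are hypothetical.
FIXED_VERSION="1.14.4"

# Pull the first x.y.z triple out of text such as `h5dump --version` output
# or a package version with a suffix ("1.14.4-3"). Prints nothing if absent.
hdf5_extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 when x.y.z version $1 >= $2, comparing each field as a number
# (a text match or string sort would misjudge 1.14.10 or 1.10.11).
hdf5_version_ge() {
    a=$1; b=$2
    for i in 1 2 3; do
        af=${a%%.*}; bf=${b%%.*}
        [ "$af" -gt "$bf" ] && return 0
        [ "$af" -lt "$bf" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    return 0
}

# Print "fixed <v>", "affected <v>" or "unknown" for the given text.
hdf5_status() {
    v=$(hdf5_extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif hdf5_version_ge "$v" "$FIXED_VERSION"; then
        echo "fixed $v"
    else
        echo "affected $v"
    fi
}

# Constructed sample strings (not captured from real systems).
for sample in "h5dump: Version 1.14.3" "h5dump: Version 1.14.4-3" \
              "h5dump: Version 1.10.11" "h5dump: Version 1.14.10" "no h5dump"; do
    printf '%-26s -> %s\n' "$sample" "$(hdf5_status "$sample")"
done
# On a real host: hdf5_status "$(h5dump --version 2>/dev/null)"
```

The result describes only the HDF5 build that the h5dump on PATH belongs to; applications that bundle or statically link their own HDF5 copy need to be checked separately.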

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing HDF5 files
  • Segmentation faults in HDF5-related processes

Network Indicators:

  • Unusual HDF5 file uploads to web applications

SIEM Query:

source="application.log" AND ("segmentation fault" OR "SIGSEGV") AND process="*hdf5*"
