CVE-2024-33876

5.7 MEDIUM

📋 TL;DR

CVE-2024-33876 is a heap buffer overflow vulnerability in the HDF5 library's H5S__point_deserialize function. This allows attackers to potentially execute arbitrary code or cause denial of service by providing specially crafted HDF5 files. Anyone using HDF5 library versions through 1.14.3 to process untrusted HDF5 files is affected.

💻 Affected Systems

Products:
  • HDF5 Library
Versions: All versions through 1.14.3
Operating Systems: All platforms where HDF5 is used (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses the HDF5 library to deserialize point selections from HDF5 files is vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise if the vulnerable process has high privileges.

🟠

Likely Case

Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢

If Mitigated

Controlled crash with minimal impact if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing malicious HDF5 files, which could be uploaded to web services or downloaded from untrusted sources.
🏢 Internal Only: LOW - Risk is limited to systems processing HDF5 files from untrusted sources internally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HDF5 files that trigger the deserialization vulnerability. No public exploits are known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.14.4 and later

Vendor Advisory: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

Restart Required: Yes

Instructions:

1. Download HDF5 1.14.4 or later from https://www.hdfgroup.org/downloads/hdf5/.
2. Uninstall current HDF5 version.
3. Install the patched version.
4. Recompile any applications that link against HDF5.
5. Restart affected services.

🔧 Temporary Workarounds

Input Validation

Platform: all

Validate all HDF5 files before processing to ensure they come from trusted sources.

Sandboxing

Platform: linux

Run HDF5 processing in isolated containers or sandboxes with minimal privileges.

docker run --read-only --cap-drop=ALL -v /trusted/data:/data:ro your_app

🧯 If You Can't Patch

  • Implement strict file validation to only process HDF5 files from trusted sources
  • Deploy application-level firewalls or WAFs to block malicious file uploads

🔍 How to Verify

Check if Vulnerable:

Check HDF5 library version: h5dump --version or check linked library version in applications.

Check Version:

h5dump --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+'

Verify Fix Applied:

Confirm version is 1.14.4 or later and test with known safe HDF5 files.
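
The version check above as a reusable script. This is an added example, not part of the original advisory or the HDF5 project; the function names are hypothetical, and it assumes the tool prints a dotted MAJOR.MINOR.RELEASE version somewhere in its output.

```shell
#!/bin/sh
# Added example: classify an HDF5 version string against the 1.14.4 fix.

FIXED_VERSION="1.14.4"   # first fixed release, taken from the advisory text

# Print the first MAJOR.MINOR.RELEASE triple found in $1 (empty if none).
hdf5_extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if the version in $1 is >= FIXED_VERSION, 1 if it is older,
# 2 if no version could be parsed (treat as "unknown", not as "safe").
hdf5_is_patched() {
    ver=$(hdf5_extract_version "$1")
    if [ -z "$ver" ]; then
        return 2
    fi
    # Split both versions on dots: $1 $2 $3 = found, $4 $5 $6 = fixed.
    old_ifs=$IFS
    IFS=.
    set -- $ver $FIXED_VERSION
    IFS=$old_ifs
    # Compare numerically, field by field, so 1.14.10 sorts after 1.14.4.
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        have=${pair%%:*}
        need=${pair##*:}
        if [ "$have" -gt "$need" ]; then return 0; fi
        if [ "$have" -lt "$need" ]; then return 1; fi
    done
    return 0
}

# Check the locally installed tools, if any are on PATH.
if command -v h5dump >/dev/null 2>&1; then
    line=$(h5dump --version 2>/dev/null || true)
    rc=0
    hdf5_is_patched "$line" || rc=$?
    case $rc in
        0) echo "OK: $line" ;;
        1) echo "VULNERABLE to CVE-2024-33876: $line" ;;
        *) echo "UNKNOWN: could not parse '$line'" ;;
    esac
fi
```

The result describes the command-line tools on PATH only; an application that bundles or statically links its own HDF5 copy has to be checked separately.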

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults when processing HDF5 files
  • Memory corruption errors in application logs

Network Indicators:

  • Unexpected HDF5 file uploads to web services
  • Large HDF5 file downloads from untrusted sources

SIEM Query:

source="application.log" AND ("segmentation fault" OR "buffer overflow") AND "HDF5"
