CVE-2018-17237: Divide by Zero
First published: Thu Sep 20 2018(Updated: )
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HDF5 | <=1.10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17237?
CVE-2018-17237 is classified as a medium severity vulnerability due to the potential for denial of service through a division by zero error.
How do I fix CVE-2018-17237?
To fix CVE-2018-17237, upgrade your HDF5 library to version 1.10.4 or later.
What types of applications are affected by CVE-2018-17237?
CVE-2018-17237 affects applications that utilize the HDF5 library versions up to 1.10.3.
What does CVE-2018-17237 exploit?
CVE-2018-17237 exploits incorrect handling of division by zero in the HDF5 library, particularly during the parsing of crafted HDF files.
Is CVE-2018-17237 a remote code execution vulnerability?
No, CVE-2018-17237 is not a remote code execution vulnerability; it is primarily a denial of service vulnerability.
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/hdfgroup
- canonical/hdf5
- version/hdf5/1.10.3