Multiple vulnerabilities have been found in HDF5 which could lead to the arbitrary execution of code.
|Package||sci-libs/hdf5 on all architectures|
|Affected versions||< 1.8.18|
|Unaffected versions||>= 1.8.18|
HDF5 technology suite includes a data model, library, and file format for storing and managing data.
Multiple arbitrary code execution vulnerabilities have been discovered in HDF5. Please review the CVE identifiers referenced below for details.
An attacker could execute arbitrary code with the privileges of the process via a maliciously crafted database file.
There is no known workaround at this time.
All HDF5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sci-libs/hdf5-1.8.18"