{"id":"CVE-2018-11206","details":"An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.","modified":"2026-03-13T23:19:59.848356Z","published":"2018-05-16T15:29:00.447Z","related":["SUSE-SU-2022:1903-1","SUSE-SU-2022:1910-1","SUSE-SU-2022:1911-1","SUSE-SU-2022:1912-1","SUSE-SU-2022:1933-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html"},{"type":"ADVISORY","url":"https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md"},{"type":"EVIDENCE","url":"https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hdfgroup/hdf5","events":[{"introduced":"0"},{"last_affected":"2ad049a6411923653365962c826cf59cf801d0d7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.10.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11206.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}