Add the 1.12 CVE matrix file

bmribler · Sep 3, 2023 · 593365e · 593365e
1 parent 4e2fbaa
commit 593365e
Showing 1 changed file with 74 additions and 0 deletions.
diff --git a/CVE_list-1_12.md b/CVE_list-1_12.md
@@ -0,0 +1,74 @@
+| CVE issue number                                                           | 1.12.0 | 1.12.1 | 1.12.2 | 1.12.3 |
+| :------------------------------------------------------------------------- | :----- | :----- | :----- | :----- |
+| [CVE-2022-26061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26061)          | UNTESTED | UNTESTED | UNTESTED | UNTESTED |
+| [CVE-2022-25972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25972)          | UNTESTED | UNTESTED | UNTESTED | UNTESTED |
+| [CVE-2022-25942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25942)          | UNTESTED | UNTESTED | UNTESTED | UNTESTED |
+| [CVE-2021-46244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46244)          | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2021-46243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46243)          | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2021-46242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46242)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2021-45833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45833)          | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2021-45832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45832)          | UNTESTED | UNTESTED | UNTESTED | UNTESTED |
+| [CVE-2021-45830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45830)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2021-45829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45829)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2021-37501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37501)          | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2021-36977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36977)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2021-31009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31009)          |   N/A    |    N/A    |   N/A    |   N/A    |
+| [CVE-2020-10812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10812)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2020-10811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2020-10810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10810)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2020-10809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10809)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2019-9152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9152)            | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2019-9151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151)            | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2019-8398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8398)            | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2019-8397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8397)            | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2019-8396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8396)            | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17439)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17436)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17435)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-17434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17433)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-17237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-17233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-16438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16438)          | ✅       | ❌       | ❌       | ✅       |
+| [CVE-2018-15672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15672)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-15671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15671)          | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2018-14460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-14035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14035)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-14034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14034)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-14033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14033)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-14031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14031)          | ✅       | ❌       | ❌       | ✅       |
+| [CVE-2018-13876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13876)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-13875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13875)          | ✅       | ❌       | ❌       | ✅       |
+| [CVE-2018-13874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13874)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-13873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13873)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-13872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13872)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-13871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13871)          | ✅       | ❌       | ❌       | ❌       |
+| [CVE-2018-13870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13870)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-13869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13869)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-13868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13868)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-13867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13867)          | ❌       | ❌       | ❌       | ❌       |
+| [CVE-2018-13866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13866)          | ❌       | ✅       | ✅       | ❌       |
+| [CVE-2018-11207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-11206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11206)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-11205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11205)          | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2018-11204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2018-11203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203)          | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2018-11202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202)          | ❌       | ❌       | ❌       | ✅       |
+| [CVE-2017-17509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2017-17508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2017-17507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507)          | ❌       | ❌       | ❌       | ❌       |
+| [CVE-2017-17506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2017-17505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505)          | ✅       | ✅       | ✅       | ✅       |
+| [CVE-2016-4333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333)            | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2016-4332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332)            | ❌       | ✅       | ✅       | ❌       |
+| [CVE-2016-4331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331)            | ❌       | ✅       | ✅       | ✅       |
+| [CVE-2016-4330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330)            | ✅       | ✅       | ✅       | ✅       |
+
+## NOTES
+1. CVE-2021-45832 has no known proof of vulnerability file. The H5E code that could produce an infinite loop has been reworked, but without a vulnerable file or test program it's difficult to tell if this issue has been fixed. The stack trace provided with the CVE only contains part of the trace, so we don't even know the entry point into the library.
+2. CVE-2021-31009 is not a specific vulnerability against HDF5.
+3. CVE-2022-25942, CVE-2022-25972, and CVE-2022-26061 are not tested. Those vulnerabilities involve the high-level GIF tools and can be avoided by disabling those tools at build time.