CVE-2016-4332

Published: Nov 18, 2016Modified: May 6, 2026

8.6

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: NVD

Description

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

Affected (1)

Products: Hdfgroup: Hdf5

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hdfgroup Hdf5	Version 1.8.16

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://www.debian.org/security/2016/dsa-3727

Source: cret@cert.org

http://www.securityfocus.com/bid/94417

Source: cret@cert.org

http://www.talosintelligence.com/reports/TALOS-2016-0178/

Source: cret@cert.org

ExploitTechnical DescriptionThird Party Advisory

https://security.gentoo.org/glsa/201701-13

Source: cret@cert.org

http://www.debian.org/security/2016/dsa-3727

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/94417

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.talosintelligence.com/reports/TALOS-2016-0178/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://security.gentoo.org/glsa/201701-13

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.