CVE-2016-4330

HIGH

HDF5 1.8.16 - Heap-Based Buffer Overflow via Array Dimension Handling

Title source: llm
STIX 2.1

Description

In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.

References (4)

Core 4
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0176/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94414
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-13
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3727

Scores

CVSS v3 8.6
EPSS 0.0080
EPSS Percentile 52.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
hdfgroup/hdf5 1.8.16
Published Nov 18, 2016
Tracked Since Feb 18, 2026