CVE-2016-4333
HIGHHDF5 1.8.16 - Heap-Based Buffer Overflow via Malicious File
Title source: llmDescription
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.
References (4)
Core 4
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0179/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94416
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-13
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3727
Scores
CVSS v3
8.6
EPSS
0.0061
EPSS Percentile
45.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
hdfgroup/hdf5
1.8.16
Published
Nov 18, 2016
Tracked Since
Feb 18, 2026