CVE-2016-4333

HIGH

HDF5 1.8.16 - Heap-Based Buffer Overflow via Malicious File

Title source: llm
STIX 2.1

Description

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.

References (4)

Core 4
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0179/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94416
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-13
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3727

Scores

CVSS v3 8.6
EPSS 0.0061
EPSS Percentile 45.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
hdfgroup/hdf5 1.8.16
Published Nov 18, 2016
Tracked Since Feb 18, 2026