CVE-2016-4330

The HDF5 1.8.16 library fails to check whether the number of dimensions for an array read from the file is within the bounds of the space allocated for it. As a result, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.

Configurations

Configuration 1

cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*

History

21 Nov 2024, 02:51

| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.debian.org/security/2016/dsa-3727 - | () http://www.debian.org/security/2016/dsa-3727 - |
| References | () http://www.securityfocus.com/bid/94414 - | () http://www.securityfocus.com/bid/94414 - |
| References | () http://www.talosintelligence.com/reports/TALOS-2016-0176/ - Exploit, Technical Description, Third Party Advisory | () http://www.talosintelligence.com/reports/TALOS-2016-0176/ - Exploit, Technical Description, Third Party Advisory |
| References | () https://security.gentoo.org/glsa/201701-13 - | () https://security.gentoo.org/glsa/201701-13 - |

Information

Published : 2016-11-18 20:59

Updated : 2024-11-21 02:51


NVD link : CVE-2016-4330

Mitre link : CVE-2016-4330

CVE.ORG link : CVE-2016-4330



Products Affected

hdfgroup

  • hdf5

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer