PT-2016-5891 · Hdf+1 · Hdf5+1

Published

2016-11-18

Updated

2018-04-24

CVE-2016-4331

CVSS v3.1

8.6

High

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HDF5 version 1.8.16

Description The issue arises when decoding data from a dataset encoded with the H5Z NBIT decoding in the HDF5 library, leading to a failure in ensuring that the precision is within the bounds of the size. This can result in arbitrary code execution.

Recommendations For HDF5 version 1.8.16, consider updating to a newer version that addresses this issue, as the current version fails to ensure precision bounds when decoding data with H5Z NBIT, potentially leading to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2016-4331

DLA-771-1

DSA-3727-1

MGASA-2016-0425

OPENSUSE-SU-2018:1051-1

OPENSUSE-SU-2018:1056-1

OPENSUSE-SU-2018_1056-1

Affected Products

Hdf5

Suse

PT-2016-5891 · Hdf+1 · Hdf5+1

CVE-2016-4331

Weakness Enumeration

Related Identifiers

Affected Products

References · 43