PT-2016-5893 · Hdf+1 · Hdf5+1

Published 2016-11-18 · Updated 2018-04-24 · CVE-2016-4333

CVSS v3.1: 8.6 High

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HDF5 version 1.8.16

Description

The issue allows an attacker to make the loop's index point outside the bounds of an array while the array is being initialized. The library allocates space for the array using a value from the file, and within the loop that initializes the array a value from the file can modify the loop's terminator.

Recommendations

For HDF5 version 1.8.16, consider updating to a newer version that contains a fix for this issue, because using a value from the file to allocate space for the array can lead to out-of-bounds access.
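
The bug class described above, as an added example that is not HDF5 code and not part of the original advisory: a parser that sizes an array from one file value and ends its initialization loop on another, next to a version that validates both. The record layout, MAX_SLOTS, the sample bytes and all function names are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record (constructed for this example, not the HDF5 format):
 *   byte 0: alloc_count, number of uint32 slots the parser allocates
 *   byte 1: loop_count, terminator of the initialization loop
 *   then loop_count little-endian uint32 values */
#define MAX_SLOTS 32u   /* assumed upper bound for this toy format */
static const uint8_t SAMPLE_OK[]  = {2, 2, 1,0,0,0, 2,0,0,0};
static const uint8_t SAMPLE_BAD[] = {1, 4, 1,0,0,0, 2,0,0,0, 3,0,0,0, 4,0,0,0};

static uint32_t rd_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern, shown for comparison and never called here: both the
 * allocation size and the loop terminator are taken from the file as-is. */
uint32_t *parse_unchecked(const uint8_t *buf) {
    uint32_t *slots = malloc(buf[0] * sizeof *slots);
    if (!slots) return NULL;
    for (size_t i = 0; i < buf[1]; i++)        /* terminator from the file */
        slots[i] = rd_u32le(buf + 2 + 4 * i);  /* index can pass buf[0] slots */
    return slots;
}

/* Hardened: validate both counts against each other and the input length. */
int parse_checked(const uint8_t *buf, size_t len, uint32_t **out, size_t *n) {
    if (len < 2) return -1;
    size_t alloc_count = buf[0], loop_count = buf[1];
    if (alloc_count == 0 || alloc_count > MAX_SLOTS) return -1;
    if (loop_count > alloc_count) return -1;       /* loop stays in bounds */
    if ((len - 2) / 4 < loop_count) return -1;     /* enough input bytes */
    uint32_t *slots = calloc(alloc_count, sizeof *slots);
    if (!slots) return -1;
    for (size_t i = 0; i < loop_count; i++)
        slots[i] = rd_u32le(buf + 2 + 4 * i);
    *out = slots; *n = loop_count;
    return 0;
}

int main(void) {
    uint32_t *s = NULL; size_t n = 0;
    int ok = parse_checked(SAMPLE_OK, sizeof SAMPLE_OK, &s, &n);
    free(s);
    printf("ok=%d bad=%d\n", ok, parse_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &s, &n));
    return 0;
}
```

The checked parser rejects SAMPLE_BAD because its loop count exceeds its allocation count, which is the mismatch that lets the index leave the array in the unchecked version.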

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2016-4333
DLA-771-1
DSA-3727-1
MGASA-2016-0425
OPENSUSE-SU-2018:1051-1
OPENSUSE-SU-2018:1056-1
OPENSUSE-SU-2018_1056-1

Affected Products

Hdf5
Suse