Published: 18 November 2016
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
From the Ubuntu security team
It was discovered that HDF5 incorrectly handled certain input files. An attacker could possibly use this issue to execute arbitrary code.
CVSS 3 base score: 8.6