Your submission was sent successfully! Close

CVE-2016-4330

Published: 18 November 2016

In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.

From the Ubuntu security team

It was discovered that HDF5 incorrectly handled certain input files. An attacker could possibly use this issue to execute arbitrary code.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package Release Status
hdf5
Launchpad, Ubuntu, Debian
Upstream
Released (1.8.18)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.10.0-patch1+docs-1~exp5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.8.16+docs-4ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.8.11-5ubuntu7.1)