Published: 18 November 2016
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
From the Ubuntu security team
It was discovered that HDF5 incorrectly handled decoding of data. An attacker could possibly use this issue to execute arbitrary code.
CVSS 3 base score: 8.6