CVE-2016-4333

Published on: 11/18/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:57 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Certain versions of Hdf5 from Hdfgroup contain the following vulnerability:

When the HDF5 1.8.16 library allocates space for an array using a value from the file, the loop that initializes that array is affected: a value within the file can modify the loop's terminator. As a result, an attacker can cause the loop's index to point outside the bounds of the array while initializing it.

  • CVE-2016-4333 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.6 - HIGH

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6.9 - MEDIUM

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

CVE References

  • HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability
    Link: BID 94416 (cve.report archive, text/html)
  • HDF5: Multiple vulnerabilities (GLSA 201701-13) — Gentoo security
    Link: GENTOO GLSA-201701-13 (security.gentoo.org, text/html)
  • Cisco Talos - Talos 2016 0179
    Tags: Exploit, Technical Description, Third Party Advisory
    Link: MISC www.talosintelligence.com/reports/TALOS-2016-0179/ (www.talosintelligence.com, text/html)
  • Debian -- Security Information -- DSA-3727-1 hdf5
    Tags: Depreciated Link
    Link: DEBIAN DSA-3727 (www.debian.org, text/html)

Known Affected Configurations (CPE V2.3)

Type: Application
Vendor: Hdfgroup
Product: Hdf5
Version: 1.8.16
Update: All
Edition: All
Language: All

  • cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*