CVE-2016-4330 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Hdf5

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow11 documents7 sources

Severity

8.6HIGHNVD

OSV7.5

EPSS

0.4%

top 36.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Perl Debian Hdf5

Timeline

PublishedNov 18

Latest updateMay 17

Description

In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages4 packages

▶debiandebian/hdf5< hdf5 1.10.0-patch1+docs-1 (bookworm)

▶Debianhdfgroup/hdf5< 1.10.0-patch1+docs-1+3

▶NVDhdfgroup/hdf51.8.16

▶Ubuntuperl/perl< 5.18.2-2ubuntu1.1

🔴Vulnerability Details

GHSA

GHSA-gffv-475w-fvh4: In the HDF5 1↗2022-05-17

▶

OSV

CVE-2016-4330: In the HDF5 1↗2016-11-18

▶

OSV

perl vulnerabilities↗2016-03-02

▶

📋Vendor Advisories

Red Hat

hdf5: H5T_ARRAY heap buffer overflow↗2016-11-15

▶

Debian

CVE-2016-4330: hdf5 - In the HDF5 1.8.16 library's failure to check if the number of dimensions for an...↗2016

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple File Parsing Bugs in HDF5 File Library Patched↗2016-11-18

▶

Talos

Vulnerability Spotlight: Multiple File Parsing Bugs in HDF5 File Library Patched↗2016-11-18

▶

💬Community

Bugzilla

CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 hdf5: various flaws [epel-all]↗2016-11-23

▶

Bugzilla

CVE-2016-4330 hdf5: H5T_ARRAY heap buffer overflow↗2016-11-23

▶

Bugzilla

CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 hdf5: various flaws [fedora-all]↗2016-11-23

▶