CVE-2016-4331 — Out-of-bounds Write in Hdf5

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

8.6HIGHNVD

EPSS

0.4%

top 36.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedNov 18

Latest updateMay 17

Description

When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.10.0-patch1+docs-1 (bookworm)

▶Debianhdfgroup/hdf5< 1.10.0-patch1+docs-1+3

▶NVDhdfgroup/hdf51.8.16

🔴Vulnerability Details

GHSA

GHSA-4hhr-jhmc-r3cj: When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1↗2022-05-17

▶

OSV

CVE-2016-4331: When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1↗2016-11-18

▶

📋Vendor Advisories

Red Hat

hdf5: H5Z_NBIT heap buffer overflow↗2016-11-15

▶

Debian

CVE-2016-4331: hdf5 - When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5...↗2016

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple File Parsing Bugs in HDF5 File Library Patched↗2016-11-18

▶

Talos

Vulnerability Spotlight: Multiple File Parsing Bugs in HDF5 File Library Patched↗2016-11-18

▶

💬Community

Bugzilla

CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 hdf5: various flaws [epel-all]↗2016-11-23

▶

Bugzilla

CVE-2016-4331 hdf5: H5Z_NBIT heap buffer overflow↗2016-11-23

▶

Bugzilla

CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 hdf5: various flaws [fedora-all]↗2016-11-23

▶