CVE-2016-4333Improper Restriction of Operations within the Bounds of a Memory Buffer in Hdf5

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow10 documents7 sources
Severity
8.6HIGHNVD
EPSS
0.3%
top 51.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hdfgroup Hdf5Debian Hdf5
Timeline
PublishedNov 18
Latest updateMay 17

Description

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages3 packages

debiandebian/hdf5< hdf5 1.10.0-patch1+docs-1 (bookworm)
Debianhdfgroup/hdf5< 1.10.0-patch1+docs-1+3
NVDhdfgroup/hdf51.8.16

🔴Vulnerability Details

2
GHSA
GHSA-hvm6-p25j-5hjf: The HDF5 12022-05-17
OSV
CVE-2016-4333: The HDF5 12016-11-18

📋Vendor Advisories

2
Red Hat
hdf5: H5T_COMPOUND heap buffer overflow2016-11-15
Debian
CVE-2016-4333: hdf5 - The HDF5 1.8.16 library allocating space for the array using a value from the fi...2016

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple File Parsing Bugs in HDF5 File Library Patched2016-11-18
Talos
Vulnerability Spotlight: Multiple File Parsing Bugs in HDF5 File Library Patched2016-11-18

💬Community

3
Bugzilla
CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 hdf5: various flaws [epel-all]2016-11-23
Bugzilla
CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 hdf5: various flaws [fedora-all]2016-11-23
Bugzilla
CVE-2016-4333 hdf5: H5T_COMPOUND heap buffer overflow2016-11-23