CVE-2016-4333

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
hdfgrouphdf5
1.8.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hdf5
bullseye
1.10.6+repack-4+deb11u1
fixed
bookworm
1.10.8+repack1-1
fixed
sid
1.10.10+repack-4
fixed
trixie
1.10.10+repack-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
hdf5
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 1.8.16+docs-4ubuntu1.1
released
trusty
Fixed 1.8.11-5ubuntu7.1
released
precise
ignored
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3727
http://www.securityfocus.com/bid/94416
http://www.talosintelligence.com/reports/TALOS-2016-0179/
https://security.gentoo.org/glsa/201701-13
http://www.debian.org/security/2016/dsa-3727
http://www.securityfocus.com/bid/94416
http://www.talosintelligence.com/reports/TALOS-2016-0179/
https://security.gentoo.org/glsa/201701-13