CVE-2016-4330

high

Description

The HDF5 1.8.16 library fails to check whether the number of dimensions for an array read from the file is within the bounds of the space allocated for it. The result is a heap-based buffer overflow, potentially leading to arbitrary code execution.

References

https://security.gentoo.org/glsa/201701-13

http://www.securityfocus.com/bid/94414

http://www.debian.org/security/2016/dsa-3727

Details

Source: Mitre, NVD

Published: 2016-11-18

Updated: 2017-11-04

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: High