CVE-2016-4332
CVE-2016-4332 is a vulnerability of currently unknown severity (no CVSS score is listed on this page). Because the HDF5 1.8.16 library fails to check whether a given message type supports a particular flag, it casts the message structure to an alternative structure and then assigns to fields that the actual message type does not have, writing outside the bounds of the heap buffer. This can lead to code execution in the context of the process that loaded the library. EPSS estimates a 0.81% chance of exploitation in the next 30 days.
Description
Because the HDF5 1.8.16 library fails to check whether a given message type supports a particular flag, it casts the message structure to an alternative structure and then assigns to fields that the actual message type does not have, so the library writes outside the bounds of the heap buffer. This can lead to code execution in the context of the process that loaded the library.
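The pattern the description refers to, as an added illustration that is not HDF5's own code: a decoder that lets a flag bit alone drive a cast to a larger struct, beside a version that first checks whether the message type may carry that flag. The message types, the `MSG_FLAG_SHARED` flag, the struct layouts and the function names are all hypothetical; the canary region is a constructed test input that keeps the out-of-bounds write inside one larger allocation so the effect can be measured without corrupting the heap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical message layouts (not HDF5's real object-header message formats). */
#define MSG_FLAG_SHARED 0x02u            /* hypothetical flag: message stored in a shared heap */
enum msg_type { MSG_SIMPLE = 1, MSG_SHAREABLE = 2, MSG_TYPE_COUNT };

struct msg_hdr    { uint8_t type; uint8_t flags; uint16_t size; };
struct simple_msg { struct msg_hdr hdr; uint32_t payload; };                 /* 8 bytes  */
struct shared_msg { struct msg_hdr hdr; uint32_t payload;
                    uint64_t heap_addr; uint32_t ref_count; };               /* 24 bytes */

typedef enum { DECODE_OK = 0, DECODE_ERR_FLAG_NOT_SUPPORTED = 1 } decode_status;

/* Vulnerable pattern: the flag bit alone drives the cast. A MSG_SIMPLE whose
 * flags byte has MSG_FLAG_SHARED set is treated as the larger struct, and the
 * two assignments land past the end of its 8-byte allocation. */
decode_status decode_message_vulnerable(void *buf, uint64_t heap_addr, uint32_t ref_count)
{
    struct msg_hdr *h = buf;
    if (h->flags & MSG_FLAG_SHARED) {
        struct shared_msg *s = (struct shared_msg *)buf;   /* unchecked cast */
        s->heap_addr = heap_addr;                          /* out-of-bounds write for simple_msg */
        s->ref_count = ref_count;
    }
    return DECODE_OK;
}

/* Per-type capability table: which flags each message type may legitimately carry. */
static bool type_supports_flag(uint8_t type, uint8_t flag)
{
    static const uint8_t supported[MSG_TYPE_COUNT] = {
        [MSG_SIMPLE]    = 0,
        [MSG_SHAREABLE] = MSG_FLAG_SHARED,
    };
    if (type == 0 || type >= MSG_TYPE_COUNT) return false;
    return (supported[type] & flag) == flag;
}

/* Hardened pattern: consult the message type before trusting the flag. */
decode_status decode_message_fixed(void *buf, uint64_t heap_addr, uint32_t ref_count)
{
    struct msg_hdr *h = buf;
    if (h->flags & MSG_FLAG_SHARED) {
        if (!type_supports_flag(h->type, MSG_FLAG_SHARED))
            return DECODE_ERR_FLAG_NOT_SUPPORTED;          /* reject the input, do not cast */
        struct shared_msg *s = (struct shared_msg *)buf;
        s->heap_addr = heap_addr;
        s->ref_count = ref_count;
    }
    return DECODE_OK;
}

/* Constructed test input: a MSG_SIMPLE message with the shared flag set (the
 * attacker-controlled combination) at the start of a heap region padded with
 * canary bytes. Runs `decode` and counts canary bytes beyond the 8-byte message
 * that were overwritten. A real 8-byte allocation would be corrupted instead. */
#define REGION_SIZE 32
#define CANARY 0xAA
size_t run_with_canary(decode_status (*decode)(void *, uint64_t, uint32_t),
                       decode_status *status_out)
{
    unsigned char *region = malloc(REGION_SIZE);
    if (!region) abort();
    memset(region, CANARY, REGION_SIZE);
    struct simple_msg m = { { MSG_SIMPLE, MSG_FLAG_SHARED, (uint16_t)sizeof m }, 0x42 };
    memcpy(region, &m, sizeof m);

    decode_status st = decode(region, 0x1122334455667788ULL, 1u);
    if (status_out) *status_out = st;

    size_t clobbered = 0;
    for (size_t i = sizeof m; i < REGION_SIZE; i++)
        if (region[i] != CANARY) clobbered++;
    free(region);
    return clobbered;
}

/* The fix must still accept the legitimate case: a shareable message with the flag set. */
bool fixed_accepts_shareable(void)
{
    struct shared_msg s = { { MSG_SHAREABLE, MSG_FLAG_SHARED, (uint16_t)sizeof s }, 0x42, 0, 0 };
    decode_status st = decode_message_fixed(&s, 0xdeadbeefULL, 7u);
    return st == DECODE_OK && s.heap_addr == 0xdeadbeefULL && s.ref_count == 7u;
}

int main(void)
{
    decode_status st;
    printf("vulnerable: %zu canary bytes clobbered\n", run_with_canary(decode_message_vulnerable, &st));
    printf("fixed:      %zu canary bytes clobbered, status %d\n", run_with_canary(decode_message_fixed, &st), (int)st);
    printf("fixed accepts legitimate shareable message: %s\n", fixed_accepts_shareable() ? "yes" : "no");
    return 0;
}
```

The point of the capability table is that the check is keyed on the message type, which the parser has already read, rather than on the flag, which the file controls: a flag that a type cannot legitimately carry is a malformed file and is rejected before any cast happens. When triaging the real bug in an HDF5 build, the same shape is what to look for: a cast to a larger message struct guarded only by a flags test.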
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hdfgroup | Hdf5 | 1.8.16 |
References
- http://www.talosintelligence.com/reports/TALOS-2016-0178/ (Exploit, Technical Description, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-4332?
How severe is CVE-2016-4332?
How do I fix CVE-2016-4332?
Are you affected by CVE-2016-4332?
Source: NVD / NIST
