VDB
CVE-2016-4332
CVE-2016-4332
PUBLISHED
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.
EPSS 0.11% · 28.9th percentile
Risk Scores
EPSS Score
0.11%
28.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | hdf5 | 1.8.11-3ubuntu1, 1.8.11-5ubuntu1, 1.8.11-5ubuntu2 |
| Ubuntu:16.04:LTS | hdf5 | *, 1.8.15-patch1+docs-4, * |
Exploit Intelligence
- http://www.talosintelligence.com/reports/TALOS-2016-0178/ (nist-nvd)
- 94417 (circl)
- GLSA-201701-13 (circl)
- DSA-3727 (circl)
Timeline
- Nov 18, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-4332 third-party-advisory
- http://www.talosintelligence.com/reports/TALOS-2016-0178/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-4332 third-party-advisory