Buffer overflow in Hdfgroup Hdf5
CVE-2016-4330
The HDF5 1.8.16 library fails to check whether the number of dimensions for an array read from the file is within the bounds of the space allocated for it; as a result, a heap-based buffer overflow will occur, potentially leading to arbitrary code ex…
Vulnerability class: Buffer Overflow
EPSS: 0.004 (63.6th percentile).
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Hdfgroup Hdf5 — version 1.8.16
Weakness classification (CWE)
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References
- cret@cert.org (Technical Description, Exploit, Third Party Advisory)
- 94414 (vulnerability database entry, BID)
- GLSA-201701-13 (vendor advisory, Gentoo)
- DSA-3727 (vendor advisory, Debian)
Frequently asked questions
- What is CVE-2016-4330?
- CVE-2016-4330 is a high-severity vulnerability in Hdfgroup Hdf5, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 8.6/10. Published 2016-11-18.
- How severe is CVE-2016-4330?
- High severity. CVSS v3 base score is 8.6 out of 10.