What is CVE-2016-4332?

CVE-2016-4332 is a high-severity vulnerability in Hdfgroup Hdf5, classified under Improper Input Validation. CVSS score: 8.6/10. Published 2016-11-18.

How severe is CVE-2016-4332?

High severity. CVSS v3 base score is 8.6 out of 10.

Improper input validation in Hdfgroup Hdf5

CVE-2016-4332

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the libr…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (29.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Hdfgroup Hdf5 — versions 1.8.16
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

94417 (vdb-entry, x_refsource_BID)
GLSA-201701-13 (vendor-advisory, x_refsource_GENTOO)
DSA-3727 (vendor-advisory, x_refsource_DEBIAN)
cret@cert.org (Technical Description, Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2016-4332?: CVE-2016-4332 is a high-severity vulnerability in Hdfgroup Hdf5, classified under Improper Input Validation. CVSS score: 8.6/10. Published 2016-11-18.
How severe is CVE-2016-4332?: High severity. CVSS v3 base score is 8.6 out of 10.