CVE-2016-4333 Information

Description

In the HDF5 1.8.16 library, space for an array is allocated using a value from the file, and a value within the file can also modify the terminator of the loop that initializes that array. Because of this, an attacker can cause the loop's index to point outside the bounds of the array when initializing it.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Reference

http://www.debian.org/security/2016/dsa-3727
http://www.securityfocus.com/bid/94416
http://www.talosintelligence.com/reports/TALOS-2016-0179/
https://security.gentoo.org/glsa/201701-13

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.6

Base Severity

HIGH
