Vulnerability Details CVE-2016-4331
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.0%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 6.9
References
- http://www.debian.org/security/2016/dsa-3727
- http://www.securityfocus.com/bid/94411
- http://www.talosintelligence.com/reports/TALOS-2016-0177/
- https://security.gentoo.org/glsa/201701-13
- http://www.debian.org/security/2016/dsa-3727
- http://www.securityfocus.com/bid/94411
- http://www.talosintelligence.com/reports/TALOS-2016-0177/
- https://security.gentoo.org/glsa/201701-13