vulnerability

Debian: CVE-2016-4332: hdf5 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Nov 18, 2016	Dec 1, 2016	Aug 15, 2025

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Nov 18, 2016

Added

Dec 1, 2016

Modified

Aug 15, 2025

Description

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

Solution

debian-upgrade-hdf5

References

CVE-2016-4332
https://attackerkb.com/topics/CVE-2016-4332
CWE-20
DEBIAN-DLA-771-1
DEBIAN-DSA-3727

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today