CVE-2016-4330
hdf5 - security update
8.6
HIGH
CVSS 3.1
EPSS 0.44%
Description
When the HDF5 1.8.16 library reads the number of dimensions of an array from a file, it fails to check that this value is within the bounds of the space allocated for it. A file carrying an out-of-range dimension count therefore causes a heap-based buffer overflow, potentially leading to arbitrary code execution.
How to fix CVE-2016-4330
To remediate CVE-2016-4330, upgrade the affected package to a fixed version below.
- Debian/hdf5: upgrade to 1.10.0-patch1+docs-1 or later
- upgrade to 1.8.8-9+deb7u1 or later
- upgrade to 1.8.13+docs-15+deb8u1 or later
Is CVE-2016-4330 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.10.0-patch1+docs-1
- from 0, < 1.8.8-9+deb7u1
- from 0, < 1.8.13+docs-15+deb8u1
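As an added example, not part of this advisory, the following checks whether an installed Debian hdf5 version falls inside the affected ranges above, using a dpkg-style version comparison (epoch, upstream, revision, with `~` sorting before the end of a string). The rule for choosing which of the three fixed versions applies to a given installed version is my assumption, stated in the code.

```python
import functools

# Fixed Debian versions from this page; each affected range is "from 0, < fixed".
FIXED_VERSIONS = ["1.10.0-patch1+docs-1", "1.8.8-9+deb7u1", "1.8.13+docs-15+deb8u1"]

def _order(c):
    # dpkg weight of a non-digit char: '~' sorts before end of string, letters before punctuation.
    if c == "~":
        return -1
    return 0 if c == "" else (ord(c) if c.isalpha() else ord(c) + 256)

def _verrevcmp(a, b):
    """dpkg-style comparison of an upstream or revision string: <0, 0 or >0."""
    while a or b:
        first_diff = 0
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):  # non-digit run
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        a, b = a.lstrip("0"), b.lstrip("0")  # digit run: the longer number wins
        while a[:1].isdigit() and b[:1].isdigit():
            first_diff = first_diff or ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a[:1].isdigit() or b[:1].isdigit():
            return 1 if a[:1].isdigit() else -1
        if first_diff:
            return first_diff
    return 0

def _split(version):
    """Split 'epoch:upstream-revision' into (int epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    """Return -1, 0 or 1, like `dpkg --compare-versions`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    r = (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)

def is_affected(installed):
    """True if an installed hdf5 version is inside an affected range for CVE-2016-4330.
    Assumption (mine, not from the page): a Debian security update keeps the upstream
    string and bumps only the revision, so the fix with the same upstream applies;
    a version with no matching upstream is measured against the newest fix."""
    upstream = _split(installed)[1]
    same_series = [f for f in FIXED_VERSIONS if _split(f)[1] == upstream]
    newest = max(FIXED_VERSIONS, key=functools.cmp_to_key(compare_versions))
    return compare_versions(installed, same_series[0] if same_series else newest) < 0
```

Feed it the version column of `dpkg -l libhdf5*` (or `dpkg-query -W -f '${Version}' libhdf5-dev`) to get a per-host verdict without relying on the scanner's own matching.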
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.6 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |