CVE-2016-4332

Name: CVE-2016-4332
Description: Because the library fails to check whether certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type, writing outside the bounds of the heap buffer. This can lead to code execution under the context of the library.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-771-1, DSA-3727-1
NVD severity: medium (attack range: local)
Debian Bugs: 845301

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| hdf5 (PTS) | wheezy | 1.8.8-9 | vulnerable |
| | wheezy (security) | 1.8.8-9+deb7u1 | fixed |
| | jessie (security), jessie | 1.8.13+docs-15+deb8u1 | fixed |
| | stretch | 1.10.0-patch1+docs-3 | fixed |
| | buster, sid | 1.10.0-patch1+docs-4 | fixed |

The information below is based on the following data on fixed versions.

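| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| hdf5 | source | (unstable) | 1.10.0-patch1+docs-1 | medium | | 845301 |
| hdf5 | source | jessie | 1.8.13+docs-15+deb8u1 | medium | DSA-3727-1 | |
| hdf5 | source | wheezy | 1.8.8-9+deb7u1 | medium | DLA-771-1 | |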

Notes

http://www.talosintelligence.com/reports/TALOS-2016-0178/
Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88
