cvedb.io
CVE-2016-4332
HIGH · CVSS 8.6
EPSS exploitation probability: 0%
Published 2016-11-18T20:59:03.693 · Last modified 2026-06-17T00:47:21.790

Summary

Because the HDF5 1.8.16 library fails to check whether certain message types support a particular flag, it casts the structure to an alternative structure and then assigns to fields that the message type does not support, writing outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

Affected products

hdfgroup — hdf5

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.