CVE-2016-4332 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-4332 Interim 1 13 2022-10-15T16:37:56Z current 2021-05-30T13:41:50Z 2022-10-15T16:37:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-4332 The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00067.html E-Mail link for openSUSE-SU-2018:1051-1 https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00068.html E-Mail link for openSUSE-SU-2018:1056-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 hdf5-1.8.17-5.1 hdf5-devel-1.8.17-5.1 hdf5-devel-data-1.8.17-5.1 hdf5-devel-static-1.8.17-5.1 hdf5-examples-1.8.17-5.1 hdf5-openmpi-1.8.17-5.1 hdf5-openmpi-devel-1.8.17-5.1 hdf5-openmpi-devel-static-1.8.17-5.1 libhdf5-10-1.8.17-5.1 libhdf5-10-openmpi-1.8.17-5.1 libhdf5_cpp12-1.8.17-5.1 libhdf5_fortran10-1.8.17-5.1 libhdf5_fortran10-openmpi-1.8.17-5.1 libhdf5_hl10-1.8.17-5.1 libhdf5_hl10-openmpi-1.8.17-5.1 libhdf5_hl_cpp11-1.8.17-5.1 libhdf5hl_fortran10-1.8.17-5.1 libhdf5hl_fortran10-openmpi-1.8.17-5.1 hdf5-1.8.17-5.1 as a component of SUSE Package Hub 12 hdf5-devel-1.8.17-5.1 as a component of SUSE Package Hub 12 hdf5-devel-data-1.8.17-5.1 as a component of SUSE Package Hub 12 hdf5-devel-static-1.8.17-5.1 as a component of SUSE Package Hub 12 hdf5-examples-1.8.17-5.1 as a component of SUSE Package Hub 12 hdf5-openmpi-1.8.17-5.1 as a component of SUSE Package Hub 12 hdf5-openmpi-devel-1.8.17-5.1 as a component of SUSE Package Hub 12 hdf5-openmpi-devel-static-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5-10-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5-10-openmpi-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5_cpp12-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5_fortran10-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5_fortran10-openmpi-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5_hl10-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5_hl10-openmpi-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5_hl_cpp11-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5hl_fortran10-1.8.17-5.1 as a component of SUSE Package Hub 12 libhdf5hl_fortran10-openmpi-1.8.17-5.1 as a component of SUSE Package Hub 12 The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. CVE-2016-4332 SUSE Package Hub 12:hdf5-1.8.17-5.1 SUSE Package Hub 12:hdf5-devel-1.8.17-5.1 SUSE Package Hub 12:hdf5-devel-data-1.8.17-5.1 SUSE Package Hub 12:hdf5-devel-static-1.8.17-5.1 SUSE Package Hub 12:hdf5-examples-1.8.17-5.1 SUSE Package Hub 12:hdf5-openmpi-1.8.17-5.1 SUSE Package Hub 12:hdf5-openmpi-devel-1.8.17-5.1 SUSE Package Hub 12:hdf5-openmpi-devel-static-1.8.17-5.1 SUSE Package Hub 12:libhdf5-10-1.8.17-5.1 SUSE Package Hub 12:libhdf5-10-openmpi-1.8.17-5.1 SUSE Package Hub 12:libhdf5_cpp12-1.8.17-5.1 SUSE Package Hub 12:libhdf5_fortran10-1.8.17-5.1 SUSE Package Hub 12:libhdf5_fortran10-openmpi-1.8.17-5.1 SUSE Package Hub 12:libhdf5_hl10-1.8.17-5.1 SUSE Package Hub 12:libhdf5_hl10-openmpi-1.8.17-5.1 SUSE Package Hub 12:libhdf5_hl_cpp11-1.8.17-5.1 SUSE Package Hub 12:libhdf5hl_fortran10-1.8.17-5.1 SUSE Package Hub 12:libhdf5hl_fortran10-openmpi-1.8.17-5.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H