CVE-2016-4332

Sažetak

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

Reference

http://www.debian.org/security/2016/dsa-3727
http://www.securityfocus.com/bid/94417
http://www.talosintelligence.com/reports/TALOS-2016-0178/
https://security.gentoo.org/glsa/201701-13

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

04-11-2017 - 01:29

Objavljeno

18-11-2016 - 20:59